By: Scott Price, Managing Partner of A-LIGN
As a leading provider of assurance, security, and compliance services, A-LIGN is often asked why clients should or should not have an annual examination performed. Below is a list of the five benefits we have found that provide the most value for our clients when considering the annual scheduling of their compliance assessment(s).
Clients that engage A-LIGN for multi-year engagements reap the benefits of pricing efficiencies that result from using the same methodology, audit team and prior year report.
Companies that annually undergo compliance examinations are able to show that their system is assessed every twelve months. This gives your clients assurance that they can trust your company’s operations and controls. Organizations that do not obtain an annual report may be viewed as having gaps in the reporting of their systems, which may cause potential customers to select another vendor that has a current report.
As more and more companies are required to comply with specific security and compliance guidelines, many business owners consider these reports when making vendor selection decisions.
Utilizing your report as an advertisement for your organization’s compliance success builds a unique competitive advantage for businesses to showcase their compliance. Timeliness of press releases, website updates, email blasts and social media posts is key when targeting prospects, as most reports are only based on a twelve-month assessment.
Behind every report is an assessment that tests the security, confidentiality, and integrity of data stored by your organization. The independent assessment of your people, processes and technologies provides support to your clients as well as your management team that the controls are in place.
Logos, Seals & Marks
AICPA’s SOC Logo is a highly recognizable branded image for service organizations to show their compliance with SOC standards. This logo can only be displayed on your website and other marketing collateral for a period of twelve months following the date of the SOC report issued by your auditor. If a new report is not issued after twelve months, you must cease use of the Service Organization Logo per the AICPA licensing guidelines.
Once a Trust Services Seal is issued, an organization may continue to display the seal on their website provided that they obtain an updated, unqualified practitioner’s report on a regular basis. However, if the organization is no longer in compliance, they must remove the seal from their website. The interval between updates should never exceed twelve months.
Cloud Service Providers (CSPs) who meet FedRAMP security requirements can utilize FedRAMP marks. FedRAMP requires that CSPs have an independent assessment performed by an Accredited FedRAMP 3PAO and have their completed security package available for Federal Agency leveraging within the FedRAMP secure repository.