SOC 2 for Startups: Boosting Your Startup with SOC 2

SOC 2 for startups may seem like a difficult endeavor given the moving parts involved in launching and maintaining a successful startup. From funding to revenue, it can be easy to neglect compliance examinations like a SOC 2 Examination – or delay completing one until a future date. Continue reading “SOC 2 for Startups: Boosting Your Startup with SOC 2”

Leveraging a SOC 2 Examination to Differentiate Your MSP

IT security is an ever-growing concern from consumers and businesses. The last few years of breaches resulting from insecure IT environments have changed the buying process and selection criteria for many organizations. Continue reading “Leveraging a SOC 2 Examination to Differentiate Your MSP”

Updates to the AICPA’s SOC 2 Framework

The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats. Continue reading “Updates to the AICPA’s SOC 2 Framework”

The Value of SOC 2

If your service organization processes customer transactions that impact financial reporting, such as payroll or other financial reporting functions, you are more than likely familiar with the SSAE 16 SOC 1 report and its predecessor the SAS 70. Your customer’s auditors request the SAS 70, now the SSAE 16, every year to fulfill your customer’s year-end financial statement audit requirements. You gladly undergo the annual SSAE 16 audit so you have the report ready for your customers each year. One SSAE16 audit is worth keeping an army of customer auditors from knocking on your door asking for the same evidence of internal controls. More than likely the SSAE 16 is also required to meet contractual obligations to your customers. So to reduce the number of audits you have to endure each year, to meeting contractual obligations and also to get an independent evaluation of your internal controls, you engaged a CPA firm to perform the SSAE 16 audit. Continue reading “The Value of SOC 2”

SOC 2 – Not your prior year SAS 70

After a 20 year reign as the service auditor’s report, the SAS 70 was retired this summer with much fanfare. After being used to communicate the design, implementation and operating effectiveness of controls at every type of service organization imaginable, the AICPA published new standards that better align the type of service organization and service provided to the report used to communicate the design, implementation and operating effectiveness of controls to the user of the report. Continue reading “SOC 2 – Not your prior year SAS 70”