A SOC 2 Report (System and Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC 2 Report is what you would have previously considered to be the standard SAS70, complete with Type I and Type II reports, but falls under the SSAE 16 guidance (and soon to be SSAE 18).
Why is being SOC 2 Compliant Significant?
Louisville Geek performs a variety of technology-based outsourced services that affect the financial statements of its clients. To receive SOC certification, a company must demonstrate (to a 3rd party service auditor) that they have sufficient policies and strategies that adequately protect clients’ data. Specifically, being SOC 2 certified provides service providers a way to verify their controls for protecting and securing data, as well as making sure it’s accessible.
What does the independent 3rd party CPA firm audit, specifically?
They audit the company’s availability, security, privacy, confidentiality and system integrity controls (otherwise known as statement on standards for attestation engagements, or SSAE).
A SOC 2 audit is extensive, based on multiple principles and criteria testing of up to five controls:
- Security: this ensures the physical and logical systems are protected against unauthorized access
- Confidentiality: information designated as confidential is protected as committed or agreed
- Availability: the system is available for operation and use as committed or agreed
- Processing Integrity: image processing is complete, accurate, timely and authorized
- Privacy: personal information is collected, used, retained, disclosed, and disposed of according to the existing privacy notice
Who conducted Louisville Geek’s SOC 2 Audit and when did Louisville Geek receive this certification?
The SOC 2 audit was conducted by MCM CPA’s and Advisors, one of the largest accounting firms in the Midwest regions. The audit began on November 1st, 2017 and Louisville Geek earned SOC 2 certification status on March 30th, 2018.