Data and digital transformation is squarely on the agenda for many businesses. The use of cloud resources, data storage, processing integrity, and ‘everything as a service’ has increased.
Outsourcing data management and processing is now the norm for many industries. Along with this comes the need to address risk and controls for data privacy and handling.
If you are a third-party supplier handling and processing sensitive customer information, then the onus is on you to test your security controls to ensure you are compliant with data privacy provisions across jurisdictions.
With the influx of data privacy requirements, the business landscape is increasingly trending toward SOC reports for service suppliers being accepted as simply part of the cost of doing business, so now is the perfect time to get prepared with a SOC report.
SOC reports can take the form of SOC 1 or 2, or alternatively a tailored attestation report:
SOC 1 (sometimes referred to as a GS007 report or ASAE3402 report) is an audit report specifically addressing the security of financial statements, suited to those operating a financial reporting service.
SOC 2 is a broader audit report for those dealing with sensitive information, providing assurance relevant to security, availability, processing integrity of systems used to process data, and confidentiality and privacy of the information processed and/or held. Grant Thornton are the only firm in Australia that are able to issue a SOC 2 report without oversight from a US audit firm.
If your organisation needs to address subject matter that does not appear to be satisfied by a SOC report, a customised attestation report using another attestation standard may be the answer. Our dedicated team can discuss with you the alternative standards to find the one that will best address your unique needs.
Risk management is a company-wide concern, with most stakeholders now requesting a SOC report as part of supplier due diligence prior to an engagement, or as part of ongoing monitoring processes. SOC reports provide transparent assurance of internal control accountability and address multiple stakeholder assurance demands. Grant Thornton can help you decide which SOC report is applicable to your business or client requirements, and conduct and certify the chosen SOC report.
With a range of reporting options available, it’s never been easier for businesses to be prepared, apply the right set of risk controls and satisfy stakeholder assurance requirements with a tailored report.