As cybercrime increases in its frequency and severity, companies must be more intentional to protect themselves and their customers. Gone are the days when only the big, nationally-recognizable companies are the only targets for data breaches. These days, companies of all sizes and in all industries need to take action.
So, if your customers have asked you for a report about your company’s internal controls (your SOC) and you thought they were talking about your footwear (your socks), this episode is for you.
System and Organization Controls (SOC) reports are becoming a necessity for many organizations as they strive to protect their data and instill trust in their customers, but it can be difficult to really get a grasp on what your company needs and what you can expect. How do you know what you need? Why does it matter at all?
In this episode of The Wrap, special guests Angie Akerman, CISA and Justin Headley, CISSP, CISA join our hosts to answer the question: Why is SOC reporting important to service providers?
After listening to this episode, you’ll be able to:
- Know what a SOC Report is and why a company would need one
- Understand the differences between SOC 1 and SOC 2, as well as Type 1 and Type 2 Reports
- Have an idea of which report your business might need, or if you might need both
- Know what businesses can expect during and after a SOC examination
Recommended resources for additional learning
- SOC Reports Explained: Building Trust in the Services You Provide
- Which SOC Report is Right for Your Organization?
- Why Should You Know the Risks of Others? [Six Steps for Implementing a Vendor Management Strategy]