Global transaction processing conglomerate reduces client audits and creates proactive SOC reports.

The client
A global transaction processing conglomerate with over 120 facilities and 15,000 employees
sought an efficient way to issue SOC reports in order to retain its clients.
The challenge
As the company merged and grew, it discovered how critical it was to evaluate the
control environment of the new companies it acquired. The company also needed an
efficient process for adding the controls of the new companies into its SOC reporting
The solution
Our team was engaged based on previous SOC work and the expertise and comfort in
utilizing one firm for all aspects of security audits. Our team traveled internationally to
the company’s facilities to best administer a thorough risk assessment. We identified key
personnel in the organization, taking care to include a broad scope of its population for
interviews to understand its entire controls environment. Our team set up a process to
manage employee turnover, which can pose a problem with knowledge transfer. We also
streamlined the process of adding mergers & acquisitions to its SOC report. Ultimately,
we were able to meet its expectations of issuing five SOC reports annually to address its expansive list of service offerings.
The benefit
The transaction processing company has significantly reduced the number of onsite
client audits due to the presence of its proactive, annual SOC reports. It also
experienced our firm’s “one stop shop” services. By auditing the company once,
we then apply our learnings to all standards and reporting. In addition to this
SOC 1 work, the company engaged our team for SOC 2 reporting and HITRUST
work later this year, and a PCI audit in 2017, amongst additional traditional
compliance services.