SOC 1 and SOC 2 compliance confirms tech company’s data security

September 26, 2018 Case Study 1 min read
Authors:
Sarah Pavelek Natalie Pintar
Technology provider assures multiple owners and large customer base of data security with SOC 1 and SOC 2 compliance
Cyber case study

The challenge

The company wanted to meet customer and owner demands to demonstrate data security within its web-based application, since it collects and stores a vast amount of sensitive information.

The solution

Given pressure from multiple owners for robust security and compliance, as well as customer requests to audit the company’s security controls, the company sought a third party to review its internal controls. Our engagement began with initial planning meetings to ensure clear communication with all involved parties. Our team, which included multiple partners and senior-level staff, took an all hands-on-deck approach from day one.

We began with the legacy auditing standard SAS 70 (now SOC 1) and have continued to perform SOC examinations as well as attack and penetration work. Working closely with management, we identified appropriate controls for SOC 1 and, when SOC 2 was released by the AICPA, we helped our client determine whether the addition of SOC 2 would help satisfy growing customer compliance requirements. Ultimately, SOC 2 was completed, and the company updated its privacy policy to align with requirements. The SOC 2 work led to formalized policies and we advised the company communicate to its workforce and report to its audit committee annually. Our team continues to regularly perform attack and penetration testing to help the company maintain the security of its application.

The benefit

Our experts provided guidance to the company at a very early stage, which laid the foundation for an ongoing, efficient, and collaborative working relationship. Our team was constantly in touch with company management, and we provided the majority of service on-site, which was important to the client.

Our continued close working relationship means company leadership calls on our team whenever they need advice. When the client acquired another company with contracts that required a SOC examination, they again turned to our professionals. Ultimately, the ability for our client to provide an independent, third-party report on the controls for the data security of its credit application management system has improved customer and owner confidence and reduced time spent addressing customer audit requests.

Related Services:

Consulting Enterprise Risk Management Technology Consulting

Related Industries:

Health Tech Professional Services Technology Companies

Related Thinking

Shopper looking at products in grocery store aisle, considering SKU rationalization and accurate costing data.
April 22, 2024

The art of SKU rationalization: Getting accurate costing data

Article 5 min read
View of a stormy sea and cloudy sky from a sailboat.
April 16, 2024

Steering succession in the storm

Article 4 min read
Group of business professionals in a modern conference room meeting and discussing nontraditional lenders.
April 11, 2024

Nontraditional lenders: What your clients need to know to thrive

Article 6 min read