Skip to Content
Cyber case study
Case Study

SOC 1 and SOC 2 compliance confirms tech company’s data security

September 26, 2018 / 1 min read

Technology provider assures multiple owners and large customer base of data security with SOC 1 and SOC 2 compliance

The challenge

The company wanted to meet customer and owner demands to demonstrate data security within its web-based application, since it collects and stores a vast amount of sensitive information.

The solution

Given pressure from multiple owners for robust security and compliance, as well as customer requests to audit the company’s security controls, the company sought a third party to review its internal controls. Our engagement began with initial planning meetings to ensure clear communication with all involved parties. Our team, which included multiple partners and senior-level staff, took an all hands-on-deck approach from day one.

We began with the legacy auditing standard SAS 70 (now SOC 1) and have continued to perform SOC examinations as well as attack and penetration work. Working closely with management, we identified appropriate controls for SOC 1 and, when SOC 2 was released by the AICPA, we helped our client determine whether the addition of SOC 2 would help satisfy growing customer compliance requirements. Ultimately, SOC 2 was completed, and the company updated its privacy policy to align with requirements. The SOC 2 work led to formalized policies and we advised the company communicate to its workforce and report to its audit committee annually. Our team continues to regularly perform attack and penetration testing to help the company maintain the security of its application.

The benefit

Our experts provided guidance to the company at a very early stage, which laid the foundation for an ongoing, efficient, and collaborative working relationship. Our team was constantly in touch with company management, and we provided the majority of service on-site, which was important to the client.

Our continued close working relationship means company leadership calls on our team whenever they need advice. When the client acquired another company with contracts that required a SOC examination, they again turned to our professionals. Ultimately, the ability for our client to provide an independent, third-party report on the controls for the data security of its credit application management system has improved customer and owner confidence and reduced time spent addressing customer audit requests.

Related Thinking

Business professional checking the multifactor authentication code on their cell phone.
November 1, 2024

Preparing for the inevitable: Navigating third-party tech failures

Article 7 min read
Parent sitting on the floor with their child and learning about how school districts can proactively manage cyber risk to protect student data.
October 30, 2024

Cybersecurity essentials for K-12 schools: Protecting students and data

Article 6 min read
Aerial view of shipping port.
October 22, 2024

Supply chain resilience: Lessons from the latest port strikes

Article 3 min read