AICPA System and Organization Controls audit and attestation provides assurance of robust security, availability, processing integrity of systems,
BOTHELL, Wash.–(BUSINESS WIRE)–#AICPA–ISOutsource, the premier provider of outsourced information services to small and medium sized businesses across the West, today announced completion of its SOC 2® — System Operations Controls for Service Organizations: Trust Services Criteria—Type 1 Audit/Attestation.
SOC 2 is a descendant of SAS 70 reports, SSAE 16, and other American Institute of CPAs (AICPA) established auditing standards. It provides a way for service organizations to build trust and transparency through external verification of internal controls. Using AICPA established criteria, multidisciplinary teams composed of licensed CPAs and information technology and security specialists perform the audit and provide reports relevant to security, availability, processing integrity, confidentiality, and privacy.
According to ISOutsource Chief Technology Officer, Andrew Healey, “Any IT support provider can make a claim like, ‘We do Incident Response tabletop exercises quarterly,’ but it’s nearly impossible for their clients to determine if this statement is a statement of fact or just an exaggerated marketing claim. The SOC 2 audit required ISOutsource to prove to an outside audit firm that we perform those exercises and many more. The auditors validated our policies and procedures to ensure that they are suitable and effective in protecting our organization and our information systems. The entire process ensures to our clients that our systems are robust and secure, and our processes are mature and effective.”
The SOC 2 report provides assurance about the controls that affect the security of the system. Stakeholders who may benefit from this report are regulators, business partners, and most of all ISOutsource clients (and prospective clients) who operate in highly regulated industries (HIPAA, ITAR, FERPA, SEC, et al.).
The SOC 2 audit also positions ISOutsource as uniquely qualified to provide cyber-risk and compliance consulting services. “Having been through this process ourselves, we support our clients with pre-audit readiness, vendor management, risk mitigation, and cyber-security consulting services,” Healey added.
A summary of the ISOutsource SOC audit is available at the ISOutsource web site. The detailed SOC 2 Type 1 Attestation is also available to prospective clients and business partners subject to an NDA.
ISOutsource is the West’s premier provider of outsourced information services: IT support and technology consulting. With offices in Seattle, Portland, Phoenix, Spokane, and Bothell, WA (corporate headquarters) the company employs nearly 90 people with the shared goal of ensuring that ISOutsource clients feel happy, productive, and supported in their use of technology.