CLOUD COMPUTING. OUTSOURCED FUNCTIONS. COMPETITION. CYBERSECURITY THREATS. COMPLIANCE REQUIREMENTS.
Is your organization demonstrating its commitment to maintain effective internal controls and safeguards to protect not only yourself but your customers?
Users of outsourced services and their auditors are increasingly requesting more information than ever before about the effectiveness of controls at the service organizations they use, or are considering using, for outsourced business functions. KNAV can provide assurance reports that give your users the valuable information they need to assess and address the risks associated with the outsourced services you provide, helping build trust and transparency.
THE SOC FOR SERVICE ORGANIZATIONS OFFERINGS AVAILABLE INCLUDE:
SOC 1® — SOC for Service Organizations: ICFR — These reports are specifically designed to address controls at the service organization that are relevant to the user entities’ financial statements. They enable user auditors to perform risk assessment procedures and obtain audit evidence about whether controls at the service organization are operating effectively. Use of these reports is restricted to management of the service organization, user entities, and user auditors.
SOC 2® — SOC for Service Organizations: Trust Services Criteria — These reports address controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process. They provide a level of detail sufficient to address the user’s vendor risk management needs and are restricted to specified parties with sufficient knowledge and understanding of the service organization’s system and the nature of services it provides. Use of these reports generally is restricted to service organization management, user entities of the system, business partners, CPAs providing services to user entities and business partners, and regulators.
SOC 3® — SOC for Service Organizations: Trust Services Criteria for General Use Report — Like SOC 2, these reports address controls relevant to security, availability, processing integrity, confidentiality and privacy. However, they do not provide the same level of detail. Therefore, they are considered general use reports and can be freely distributed.
THE EDUCATION, EXPERIENCE AND EXPERTISE OF KNAV’S TEAM POSITION IT AS THE PREMIER PROVIDER OF SOC FOR SERVICE ORGANIZATIONS SERVICES.
- Knowledge of relevant IT systems and technology, including mainframes, networking, firewalls, network management systems, security protocols and operating systems
- Understanding of IT processes and controls, such as management of operating systems, networking and virtualization software and related security techniques; security principles and concepts; software development; and incident management and information risk management
- Experience with common security and cybersecurity publications and frameworks
- Expertise in evaluating processes, control effectiveness and providing advisory and assurance services relating to these matters
- Multidisciplinary teams that incorporate certified information security professionals such as Certified Information Systems Auditors (CISA)
- Proficiency in measuring performance against established criteria, applying appropriate procedures for evaluating against those criteria and reporting results
- Strict adherence to service-specific professional standards, professional code of conduct and quality control requirements
- Holistic understanding of the entity’s industry and business, including whether the industry in which the entity operates is subject to specific types of, or unusual, cybersecurity risks and uses specific industry technology systems
- Objectivity, credibility and integrity
- Independence, professional skepticism and commitment to quality
- Strong analytical skills
- International perspective for global organizations