We expect and rely on information security experts and engineers to keep up-to-date with the latest exploits or attacks, just as we expect compliance experts to maintain a high level of certainty in their controls and tests. It’s part of how we’re able to address the new technology threats and risks that appear on the horizon every day.
ServerCentral is no exception.
Late last year, the AICPA, who controls the underlying guidelines for SOC reports, published their latest revision of the Trust Service Principles (now the Trust Service Criteria) that govern the SOC 2 audit. In addition to streamlining the controls, the AICPA put a much higher emphasis on risk assessment and internal auditing—two areas they found lacking prior to 2016.
A full overview of the framework changes can be found here: https://linfordco.com/blog/2017-tsp-section-100-trust-services-criteria-soc-2.
ServerCentral—like all companies who pursue a SOC 2 report—had to adapt to the new control sets to maintain our audit. Implementing the changes was an elaborate process, with each step requiring:
- Creating internal committees
- Refactoring internal controls and processes
- Retraining staff to meet more stringent requirements
The considerable effort has been reflected in the additional time taken to produce the SOC report for customers this year.
As the second week of September comes to a close, we’re five yards from the end zone and will deliver a touchdown to our clients next week in the form of our best SOC report in ServerCentral history.
We hope the care taken to produce this report further demonstrates our dedication to ensuring customer data is secure and protected inside ServerCentral facilities and systems.
