Article
Why it’s key for technology companies to prove integrity of internal controls
Sept. 16, 2020 · Updated May 26, 2022 · Authored by Lisa Dion, Kim Koch
Many technology companies depend on the integrity of their internal control environment to serve and protect their business and customers.
Particularly when work environments are shifting to increasingly remote functions in response to the COVID-19 pandemic, technology companies are at the forefront of not only providing secure systems to help carry out those functions but also needing to protect confidential and personal data as a result.
One way to help build confidence — and potentially drive revenue — with the integrity of your internal controls is through a System and Organization Control (SOC) report or audit. These are commonly requested to show systems are secure and data is protected. This is becoming more prevalent at technology start-ups where such a report is often considered an entry to doing business.
Who needs a SOC report?
In addition to start-ups, mid-size and larger companies also conduct annual SOC audit. Services within outsourcing arrangements that drive SOC 1 or SOC 2 adoption include the following:
- Software as a service (SaaS)
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Cloud providers
- Big data technologies
- Advanced analytics
- Artificial intelligence-focused companies
- Managed services
What challenges can be combated with SOC reports?
Integrity is complicated to secure with new technologies unveiled at record speeds and the increased prevalence of third-party vendors.
In fact, requests for SOC 2 reports — which evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy — are increasing in tandem with the IT industry’s growth.