What is SOC?

System and Organization Controls, commonly referred to as SOC, are typically reports issued by independent auditors documenting a company’s internal controls. SOC reports typically cover areas that are likely to be relevant during an audit of a customer’s security processes, availability, financial statements and one or more of the AICPA trust services principles, including: processing integrity, privacy availability, and confidentiality,

A vendor’s SOC reporting, similar to how HIPAA compliance help protect health information, provide documentation validated by third party auditors that can assure customers, partners and other stakeholders that the vendor’s business has the appropriate controls in place to protect financial, employee and client data.

For this reason, most corporate performance management and financial reporting cloud solution vendors go through SOC compliance reviews so that they can provide their customers audited documentation in this area.

Why is SOC Compliance Important for Your Financial Data?

Companies increasingly rely on third party cloud solution providers to handle their data, whether it is for ERP systems, financial reporting, loan servicing or payroll processing. The business applications typically reside in public- or private cloud data centers.  As a result, there needs to be a high trust between the customer and the solution vendor that the data is carefully managed and protected. Some examples of the benefits of SOC compliance are:

  • It can reduce the potential liability to customers, partners and vendors when they conduct business with each other
  • It is a proactive assurance to address various risks across the organization
  • It can increase efficiencies and at the same time minimize time spent on audits and vendor questionnaires as well as reduce compliance costs
  • It provides a means for transparency that increases trust between internal and external stakeholders
  • With ever increasing concerns about data breaches, it can help meet contractual obligations and reduce concerns while conducting business with each other

How to Ensure that Your Vendor is SOC Compliant

In particular mid-sized and larger organizations want to engage with vendors that provide the benefits that come with SOC compliance. In general, it is easy to confirm such compliance by simply asking the vendor for a copy of their SOC report and ensure that it audited by an approved compliance company. Because of the potential dramatic down-sides and liability risks to both a customer and a vendor if there is e.g. a data breach or other large scale issues, it is important to get the SOC documentation and not just “take a sales person’s word” for it. As an example of alleged misrepresentation of SOC compliance read this Betakit article about Vena Solutions.

How to Quickly Replace Non-Compliant Solutions

Should you be in a situation where you need to quickly replace a non-SOC or non-HIPAA compliant financial reporting-, budgeting- or corporate performance management (CPM) solution, there are vendors with rapid deployment technologies and pre-built reports that can get you up and running with your core requirements in a matter of days.

For example, Solver, a global provider of financial reporting, budgeting and CPM solutions that are SOC and HIPAA compliant, offers its QuickStart deployment which rapidly connects the Solver cloud application to your ERP financial data and provides a marketplace with ready-to-use financial reports, dashboards and budget input templates.

In a world where mutual trust between customers and vendors are more important than ever, it is important to take SOC compliance seriously. And, not the least, it helps provide peace of mind so you can maximize your attention to the growth and success of your business.