New levels of accountability, which come not just from new laws and regulations but also from the expectations of a broader stakeholder group, have made it a board-level concern to ensure that effective, robust and reliable governance and compliance tools are in place and being utilised.
Over the past decade, a series of business and economic crises — and subsequent governmental responses — have significantly increased the scrutiny of and demands upon businesses with respect to corporate governance issues and compliance programs. In addition to the Sarbanes-Oxley Act of 2002 (legislation driven by highly publicized accounting scandals) and the Dodd-Frank Act of 2010, federal and state regulators have implemented complex and wide-ranging rules and regulations. Law enforcement agencies have ramped up their investigative and prosecutorial efforts, and shareholder groups and institutional shareholders are challenging governance and ethics practices at every turn.
SOC 2 focuses on important policies and procedures not directly tied to revenue. It was crafted to address the needs and concerns of a world where internal technologists have the potential to poke around and steal financial and computing resources, as well as personal information. As a result, the SOC 2 report focuses on at least one of these five principles:
- Security: The system is protected against both physical and logical unauthorized access.
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and criteria set forth in Generally Accepted Privacy Principles issued jointly by the AICPA and the CICA.
For more information on compliance and governance, please contact us.