This website uses cookies to provide necessary site functionality, monitor performance, give you access to products and services that are most relevant to you, and improve the online user experience. For further information about how we use cookies, please visit our Privacy Statement. For information on how to adjust your cookie preferences including how to delete cookies, please consult your browser’s “Help” function.
If your clients rely on your company to store or manage applications or data you may now, or in the future, be required to provide those clients with assurance over the effectiveness of your internal controls relating to data security, availability, processing integrity, confidentiality, and privacy (also known as the Trust Services Principles).
This assurance is usually provided to clients through the issuance of what is referred to as a SOC 2 or SOC 3 audit report.
Important changes came into effect on December 15, 2018 that require all SOC 2 and SOC 3 audit reports issued after that date to conform to updated 2017 Trust Services Criteria.
These changes will impact companies that are already conducting SOC 2 and SOC 3 audits for the benefit of their clients, as well as those that are poised to begin such audits. This is largely because the 2017 Trust Services Criteria feature much tighter control objectives surrounding cybersecurity, while simultaneously increasing flexibility around security and privacy objectives.
While new Trust Service Criteria will include countless new amendments, some of the more notable changes include:
Given that these significant changes mean an increase in the number of controls that could be within the scope of the SOC 2 and SOC 3 audit, there may currently be gaps in your existing system of control. We can help you uncover them, and determine which new controls need to be deployed, by conducting a readiness assessment and creating a strategic roadmap to move forward. We can also assist you by updating management’s description of the internal control system and ensuring the appropriate disclosures are made to ensure they are consistently and effectively communicated to all of your clients.
In today’s business environment, everyone wants to work with companies that are committed to reducing risk to data privacy, confidentiality, and the other trust principles.
By taking steps to meet the requirements of the updated 2017 Trust Services Criteria, you’ll not only increase the strength of your systems of control but also those of the clients which rely upon and trust you.
Grant Thornton Business Risk Services specializes in helping businesses navigate all areas of SOC 2 and SOC 3 audits. So, whether you’re conducting one for the first time, or are looking to meet today’s new requirements, we can support you—every step of the way.
To learn more about , or to acquire more information about the changes to SOC 2 and SOC 3 audits, contact us.
