Skip to Content
Cyber case study
Case Study

SOC 1 and SOC 2 compliance confirms tech company’s data security

September 26, 2018 / 1 min read

Technology provider assures multiple owners and large customer base of data security with SOC 1 and SOC 2 compliance

The challenge

The company wanted to meet customer and owner demands to demonstrate data security within its web-based application, since it collects and stores a vast amount of sensitive information.

The solution

Given pressure from multiple owners for robust security and compliance, as well as customer requests to audit the company’s security controls, the company sought a third party to review its internal controls. Our engagement began with initial planning meetings to ensure clear communication with all involved parties. Our team, which included multiple partners and senior-level staff, took an all hands-on-deck approach from day one.

We began with the legacy auditing standard SAS 70 (now SOC 1) and have continued to perform SOC examinations as well as attack and penetration work. Working closely with management, we identified appropriate controls for SOC 1 and, when SOC 2 was released by the AICPA, we helped our client determine whether the addition of SOC 2 would help satisfy growing customer compliance requirements. Ultimately, SOC 2 was completed, and the company updated its privacy policy to align with requirements. The SOC 2 work led to formalized policies and we advised the company communicate to its workforce and report to its audit committee annually. Our team continues to regularly perform attack and penetration testing to help the company maintain the security of its application.

The benefit

Our experts provided guidance to the company at a very early stage, which laid the foundation for an ongoing, efficient, and collaborative working relationship. Our team was constantly in touch with company management, and we provided the majority of service on-site, which was important to the client.

Our continued close working relationship means company leadership calls on our team whenever they need advice. When the client acquired another company with contracts that required a SOC examination, they again turned to our professionals. Ultimately, the ability for our client to provide an independent, third-party report on the controls for the data security of its credit application management system has improved customer and owner confidence and reduced time spent addressing customer audit requests.

Related Thinking

Three business professionals having a conversation at a circular table while sitting down
December 20, 2024

Navigating M&A purchase price adjustments: Tips for reducing risk

Article 6 min read
Business professionals in a conference room discussing FFIEC CAT sunset
December 16, 2024

FFIEC CAT sunset: Considerations for choosing a new cybersecurity framework

Article 6 min read
Two business professionals holding a notepad and discussing with one another
December 16, 2024

Value creation: The upside of extended holding periods

Article 5 min read