SOC Compliance

CT Logistics is SOC Compliant

Service Organization Controls (SOC) are a series of accounting standards that measure the control of financial information for a service organization.
 

  1. SOC compliance is part of the AICPA Service Organization Control (SOC) reporting platform. In an effort to dramatically revamp reporting on service organizations (and to align with the growing trend of globally accepted accounting principles), the American Institute of Certified Public Accountants (AICPA) launched the SOC reporting platform, for which there are three (3) reporting options: SOC 1, SOC 2, and SOC 3.
  2. SOC compliance is conducted in accordance with AT 101. AT 101 is a professional standard that has now been given the spotlight, thanks in part to the requirement that SOC reports utilize this "attestation standard" for purposes of reporting.
  3. SOC compliance is for technology and cloud computing entities that are service organizations.  SOC utilizes the 5 Trust Services Principles (TSP) as the general framework for conducting this type of engagement (SysTrust | WebTrust).  SOC requires that all five (5) TSPs be included for issuing a report.

 

SOC compliance is important in today's world of technology and computing, and as such, there are 5 important items regarding this specific Service Organization Control (SOC) reporting framework.

 

The 5 TSPs (Trust Services Principles) are the following:

  • Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
     
  • Confidentiality:  Information that is designated “confidential” is protected as committed or agreed.
     
  • Processing Integrity:  System processing is complete, accurate, timely, and authorized.
     
  • Availability: The system is available for operation and use as committed or agreed to.
     
  • Security: The system is protected, both logically and physically, against unauthorized access.

 

SOC requires a written statement of assertion by management of the service organization, along with a description of the firm's "system". This auditing standard requires a description of "controls."