Over the past several years, companies have been more aware of the importance of internal controls over third-party hosted systems, services and data.
The increasingly sophisticated cloud computing environment has introduced new risks and challenges for organizations. Any effective system of internal control must adapt to new challenges and changes. Today's business environment strains controls that were once sufficient.
This paper introduces a new breed of controls reporting options in place of the former Section 5970 and SAS 70 reports that provided customers with board coverage over their internal controls. It provides outsourced service providers and their customers with an understanding of the new Service Organization Controls (SOC) reports 1, 2 and 3 options, the ability to compare and contrast the options to assist with determining the best fit and suggested steps in scoping and delivering a SOC report.