New digital business model? Get ahead of customer demands for data security and privacy

Across industries, new digital business models have emerged—many in response to the pandemic—as companies innovate to meet shifting customer needs. Huge amounts of customer data are suddenly being pumped into new systems, many of them cloud-based.

Companies may find themselves contending with demands for more transparency regarding their data security and privacy practices to build trust with customers in these new digital environments. Enhancing controls over data, including use of emerging technology, is essential. How can you help protect customer data as digital business practices continually evolve?

Process and controls assurance

More companies are discovering the advantages of System and Organization Controls (SOC) Reporting to proactively provide clients with third-party assurance over their processes and controls related to data and security, confidentiality and privacy.

Consider these three examples:

Industrial manufacturer’s smart equipment creates advantages — and potential vulnerabilities

A multinational heavy equipment manufacturer has never needed to provide corporate customers with assurances over internal controls — until now. The company introduced a line of smart equipment that remotely collects real-time data from the field, detailing a customer’s equipment usage.

Receiving this type of data has proved valuable to clients, including details such as:

  • Usage of consumable materials
  • Up-time vs. down-time for each piece of equipment in service
  • Status of parts requiring maintenance

The operations director at one client explained how these new reports helped him manage his equipment fleet more efficiently, which also increased productivity. But he also wondered how their data were being stored and whether their equipment usage data could potentially be accessed by competitors. Could this arrangement somehow make them vulnerable to someone compromising the data from their equipment?

The equipment manufacturer found that this client’s concerns weren’t unique. They started getting more requests for transparency regarding commitments to customers around their internal controls related to the new smart equipment line. While the company had been promoting the advantages of data reporting, proactively providing their customers with a SOC 2 report provided an independent opinion about data security. The report provided independent assurance that controls were in place — for both business processes and information technology. The result was enhanced transparency and trust with customers through an independently assured report.

Business products company’s connected platforms increase ROI — but with added risk

Consider the challenges faced by a developer of industrial controls instrumentation. This company offers devices that let clients monitor and control different environmental variables within their facilities, such as temperature, lighting, and air quality. A recently developed software platform now lets customers connect these devices so they talk to each other and provide a wealth of intelligence and new levels of operational controls. The new software platform provided an additional revenue stream, helped increase the sale of existing products and has also increased customer satisfaction. But with these additional opportunities have come added risk.

The new software platform created a virtual command center that was very powerful. However, the IT director at one client expressed concern about all of the potential access points, since connectivity works both ways. How could clients know that these newly connected devices wouldn’t impact their cybersecurity or data privacy?

The company found that, before some customers would purchase the added benefits of the new software platform, they wanted assurances about the integrity and security of the new platform. They already had ISO certifications for their products. But those assessments didn’t go far enough to ease their customers’ concerns. Providing access to a SOC 2 report helped provide the independent assurance many of their customers needed to be comfortable with the security of the new software platform.

The SOC report helped:

  • Drive trust and transparency with internal and external stakeholders
  • Increase efficiencies while reducing compliance costs and time spent on audits and completing vendor questionnaires
  • Meet contractual obligations and market concerns through flexible, customized reporting
  • Proactively address risks across the organization

Energy field service company’s expansion of digital offerings creates new demands

A company providing oil and gas field services including testing, sampling and flowback support has deployed new technology to improve efficiency. Expanded remote servicing of equipment, which became critical during the pandemic, has reduced costs and has involved collecting more field data from customers. The increased data flow also led to the development of new web-based report offerings that let clients monitor and analyze production.

Customers were pleased that the company’s new digital capabilities have helped them better optimize production and reduce equipment downtime. The ability to leverage production data more effectively has also been a boon for customers, providing insights needed to increase production. However, more customers have been asking how the company is protecting against potential cyber risks that could result from the new offerings. One customer even asked the company to discontinue remote servicing of equipment after the customer suffered a data breach that resulted from its relationship with a different vendor.

Providing a SOC 2 report helped assure customers regarding the company’s data security and privacy practices. As a result, the company was better able to market its new digital services and increase customer satisfaction.

How PwC can help

PwC offers a range of attestation services to help companies provide assurances regarding the security, availability, confidentiality, processing integrity, and privacy of their data. In addition to providing SOC reports, PwC also can assist your organization with:

Defining attest/certification reporting requirements

We can help you assess the declarations made by management to customers regarding performance to advise on what type of reporting will meet your needs.

SOC readiness

Our professionals will conduct interviews, review policies and procedures, perform walkthroughs, select samples for testing, identify any control gaps, and provide recommendations to help improve the efficiency and effectiveness of your SOC reports.

Controls remediation and optimization

We can help determine the existence of auditable evidence needed for your SOC report and perform remediation testing.

Ongoing SOC reporting project management

Receive advice and assistance in developing formal project plans and in tracking and monitoring progress for all of your organization's SOC reporting. PwC can also assist in working with external auditors, coordinating stakeholder interaction, and identifying areas for improvement.

Contact a member of our team to learn more about how PwC can assist your organization with SOC reporting.

Contact us

Todd Bialick

US Digital Assurance and Transparency Leader, PwC US

Jay Schaldecker

Digital Assurance and Transparency Partner, PwC US

Mir Kashifuddin

Data Risk & Privacy Leader, PwC US
