Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

7 May by Vitaliy Dadalyan

Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

New criteria effective for reports with examination periods ending after Dec. 15, 2018

CHICAGO–(BUSINESS WIRE)–lt;a href="https://twitter.com/hashtag/SOC2?src=hash" target="_blank"gt;#SOC2lt;/agt;–A flash poll conducted by Baker Tilly Virchow Krause, LLP (Baker Tilly) indicates 75% of respondents, having knowledge of their standing with System and Organization Controls (SOC) 2, said their organization has not yet evaluated their controls to ensure agreement with the new 2018 Trust Services Criteria, effective for reports with examination periods ending after Dec. 15, 2018.

“Organizations undergoing a SOC 2 report should account for key changes involving compliance now,” Mark Boettcher, senior manager in Baker Tilly’s risk, internal audit and cybersecurity practice, said. “As a result of these changes, SOC 2 report recipients should ultimately notice more transparency in their vendor management programs and gain a significant advantage in the marketplace over their competition.”

“Clients also report a huge time-savings related to security questionnaires,” Andy Wittig, senior manager in Baker Tilly’s risk, internal audit and cyber security practice, said. “Responding to or processing questionnaires consumes valuable company resources for both service organizations and report recipients. A SOC 2 helps organizations standardize that process, and save a lot of time on both ends of the equation.”

Baker Tilly recently held an educational webinar, “Transitioning between SOC reports,” providing insight into the key differences between the SOC 1 and SOC 2 report, and why a company receiving a SOC 1 report would need or benefit from a SOC 2 report.

The webinar presenters discussed:

  • The differences between the SOC 1 and SOC 2 report
  • The applicability of the SOC 1 and SOC 2 report and the circumstances when the use of each report is appropriate
  • How to determine if an organization should receive a SOC 2 report, or if a report should be requested from key vendors.
  • What additional effort is needed to perform a SOC 2 examination if a SOC 1 is already being performed.
  • The SOC 2 processing integrity criteria requirements and how they may or may not overlap with SOC 1 controls.

Presentation slides and a recording of the webinar are available at https://bakertilly.com/insights/transitioning-between-system-and-organization-control-soc-reports.

About Baker Tilly Virchow Krause, LLP (bakertilly.com)
Baker Tilly Virchow Krause, LLP (Baker Tilly) is a leading advisory, tax and assurance firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. Headquartered in Chicago, Baker Tilly, and its affiliated entities, have operations in North America, South America, Europe, Asia and Australia. Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 145 territories, with 34,700 professionals. The combined worldwide revenue of independent member firms is $3.6 billion. Visit bakertilly.com or join the conversation on LinkedIn, Facebook and Twitter.

NOTE TO EDITORS:
Baker Tilly Virchow Krause, LLP is a member of the Baker Tilly International network, the members of which are separate and independent legal entities. Baker Tilly refers to the global network of accounting firms of Baker Tilly International Limited. Each member firm is a separate legal entity. Baker Tilly International Limited does not provide services to clients.

Contacts

Nicole Berkeland
[email protected]
612 876 4891

Baker Tilly Media Relations
[email protected]

This article published with permission from Business Wire