It's no secret that an organization's confidential information is vulnerable in today's world of electronic storage. If you have any doubt, just ask The New York Times or The Wall Street Journal – both of which recently reported having their computer systems hacked.
Organizations transferring storage and/or the processing of their data to cloud-based systems are faced with the added complexities of how to best maintain ownership and control data while continuing to assure customers they have controls in place to keep data secure. How can organizations provide their stakeholders with comfort related to this transferred information?
Service Organization Control ReportsSM represent the intersection of cloud computing and the trusted advisor role of the CPA. In 2011, the AICPA introduced three SOC reporting options: SOC 1SM, SOC 2SM and SOC 3SM reports, creating a great opportunity for CPAs to assert their knowledge and capabilities related to examining and reporting on controls at service organizations, including cloud service providers.