SOC 2 reports are becoming ubiquitous for businesses in the B2B market, creating a shared confidence that best business practices are followed and systems are developed with security and data privacy in mind. StrunkAccess GRC software provides a unique SOC 2 experience, and through conversations with clients Strunk has seen that predictably CPA firms have a much different view of the SOC 2 vs Companies required to have them.
A Company Perspective On SOC 2
To compete in today’s market a company must be able to satisfy their customers’ needs. With many companies now requiring 3rd party verifications from their vendors, the go to responses are an assessment based on how integrated the vendor is within the operations of the requesting company and a SOC 2 report. From a company’s perspective a SOC 2 is really just a means to lubricate the sales processes and removing barriers or objections to the perspective business. While a SOC 2 audit can add value to a company by solidifying policies, procedures and controls, the overwhelming sense Strunk clients have relayed is, “a SOC 2 is necessary to help increase the bottom line by landing business with more sophisticated entities.”
CPA Firms & SOC 2
While the SOC 2 has been a big boom to the bottom line of CPA firms, many firms realize SOC 2 readiness is a time consuming and onerous process for their clients. It also winds up delaying the SOC 2 process more than any other part of the audit, especially for first time SOC 2 participants. Because of this CPA firms concentrate on giving companies tools and examples that can help them fill gaps in their organizational structure. The issue arises that before a SOC 2 audit no company is fully ready, all companies need to add policies or modify existing policies to close gaps and follow the general outline of the SOC 2 trust principles. The biggest divergence that Stunk sees here is that the CPA controls for SOC 2 vary from firm to firm and can create a maze that is hard for companies to follow, even though the process with the CPA firm may be well established.
The big difference here is that CPA firms are looking at a SOC 2 as an ends, where as companies view them as a means to an end. StrunkAccess GRC Software is the best way to maintain SOC 2 compliance from either perspective.
Release ID: 88941138