<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">
Contact a Specialist
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
Compliance Reliance
Compliance Reliance
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Blog

The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

Blog Feature

SOC | Assurance / Service Audits

By: FRANCISCO ARAUJO
April 16th, 2018

Imagine this, it's a late Wednesday afternoon and you are wrapping up your previous SOC engagement while simultaneously working on your current engagement. A check of your upcoming schedule reveals that next week, yet another SOC engagement for a client in your area looms. Juggling multiple engagements can be tricky, but must less so if there’s a tried and true process that’s become routine. Here are five easy steps to help an auditor prepare for a SOC engagement.

Blog Feature

SOC

By: SCOTT ZELKO
June 23rd, 2017

It may come as a bit of a surprise—maybe not—but there are actually two types of SOC reports. Upon examination, the service organization is responsible for specifying whether or not a “Type 1” or “Type 2” will be performed. It’s important to note the specific use of “Type” as a distinguisher--not “SOC 1” or “SOC 2,” as the different specified “types” are options for both the SOC 1 and SOC 2 reports. For those of you that are now thinking, “that’s confusing,” I agree 100% with you. In fact, “Type 2” and “SOC 2” are not at all the same thing, and the “type” of each SOC examination presents important differences for service organizations.

Blog Feature

SOC | Cybersecurity

By: DEBBIE ZALLER
June 21st, 2017

As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program — and there is no better way to validate your cybersecurity risk management program than with an independent validation.

Blog Feature

SOC

By: NICK BRUCE
May 2nd, 2017

Why would a financial services company need a SOC 1?

Blog Feature

SOC | HITRUST

By: GARY NELSON
May 1st, 2017

The short answer is...yes. Now for the long answer - a SOC 2 report requires that a service organization has sufficient control activities in place to address the Trust Services Principles and Criteria (TSPC) developed by the AICPA.  However, there are no stipulations by the AICPA as to what those control activities have to be.  As long as the criteria are satisfactorily addressed to align with the risks that a service organization has identified, a service organization has some flexibility with the controls they implement.

Blog Feature

SOC

By: Douglas Barbin
March 6th, 2017

SSAE 18. You have probably seen blog articles circulating about the "new change" to SSAE 18, including Schellman’s article in Accounting Today.  Yes, the new standard imposes some important but relatively minor changes; changes which guide us, the service auditors performing these assessments.  You may even see some adjustments to our approach in your next SOC examination. 

Blog Feature

SOC | Education

By: STEPHEN HALBROOK
December 5th, 2016

Here are five steps to help successfully prepare: 1. Validate the Nature of the Request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability, processing integrity, confidentiality, and/or privacy? SOC 1 can oftentimes be misused by the general public as a generic reference to third party examinations. There is misconception in the marketplace; help prevent it.

Blog Feature

SOC | Education

By: GREG MILLER
November 22nd, 2016

I am often asked who is responsible for determining and selecting which principle(s) will be included in the scope of the SOC 2 examination, but the answer may not always be what service organizations want to hear.