SOC 2 Type 2.com

The vulnerability of information technology (IT) systems globally has become a major, financial liability for companies and institutions that have not been certified as being in compliance with the laws set to determine adequate protection.

Summary

• Information technology systems are expanding nationally and globally.
• Lack of controls results in financial losses and major law suits.
• Standards and guidelines for System Organizational Controls have been adopted.
• Current law suits regarding invasions indicate the seriousness of the problem.

Information technology has become the medium by which businesses, institutions and people around the globe communicate. The use of email has increased to the point where the number of transmissions per minute is in the millions at practically no cost to the senders. The amount of letters and use of postal service have declined to such a degree that the United States postal service can no longer afford to  operate at prior levels of manpower.

Information technology systems handling financial data that is personal and nonpublic have literally taken over the exchange of financial data between banks and businesses. Businesses processing credit card information, and other types of financial history of individuals transmit personal data that is not for release to the public on a routine basis.

Processing communications and financial information has increased business efficiencies to a level that it is impossible to calculate. However this has come at a high cost for many people and businesses globally because of invasions of systems by unauthorized users which lead to unauthorized withdrawals and charges by identity thefts.

The degree to which people who have been damaged by the invasion of an IT system is being reported by the filing of law suits nationally and internationally against system organizations, financial institutions and business indicates that the vulnerability of IT systems remains very high.

This has created the necessity for establishing a standard for Service Organizational Controls (SOC).  This has lead to the establishment of SOC 1, SOC 2, and SOC 3 standards and guidelines for information technology systems by AICPA.