Does your Managed Service Provider (MSP) need a SOC certification?

Why your Managed Service Provider (MSP) should be SOC certified

Managed Service Providers (MSP’s) are responsible for maintaining your company’s hardware, software and network infrastructure.  However, they are not all the same. How do you know if your provider has the right processes in place to reliably support your organization’s operations AND keep your data secure? What are the characteristics of a good service provider? Does the prospective MSP follow best industry practices?

SOC (Service Organizational Controls) reports are a way to take the guesswork out of verifying that your service provider is qualified and follows best practices. If you’re considering outsourcing and the company has had a SOC audit done, it means that an external auditor has worked with them to review and/or test their processes. There is no perfect score for a service provider, but a SOC report does give you a way to assess the service provider’s processes and look for and address any risks.  

A SOC 1 report refers to internal controls over financial reporting. SOC 2 reports on controls over security, availability, processing integrity, confidentiality and privacy. There are two types of each report. Type 1 reviews the documented procedures of the controls at a point in time. The auditor reads your design around your procedures and verifies that they are within approved best practices parameters.  Type 2 indicates that the auditor has not only read your design, but has also tested it to confirm that it is working.  

For example, when an employee is terminated, he should have all access to systems removed on his last day. A type 1 report would look to see that there is a procedure in place.  A type 2 report would ask for information on every terminated employee during a certain period and audit that to be sure access was actually removed per the procedure.  

Knowing that your Managed Service Provider has had a SOC audit of their business processes can put your mind at ease. You no longer need to worry about whether your MSP is following best practices. The SOC report will tell you everything you need from a technical perspective, so that you can focus your attention on the features, culture, and fit of the service provider to your organization.   

If you’d like more information on Revolution Groups SOC Certified Managed Services Program, feel free to reach out to us at 614-212-1101.