Delivering on the Promise of instilling your organization with Trust—SOC 3, WebTrust, SysTrust.

Earn stakeholders’ trust and drive sales. Achieve verification that your systems protect confidentiality and preserve data privacy. Assure customers that your systems process transactions accurately. SOC 3 compliance, including WebTrust and SysTrust, is specifically designed for companies seeking independent assurance related to information systems and e-commerce.

Earn a ‘Trust’ Seal. WebTrust and SysTrust companies establish credibility and build consumer confidence. Studies show that 91% of consumers would buy more goods and services if an e-commerce site’s practices were verified; and 58% of these consumers are more willing to recommend the site to family and friends. Those who complete a WebTrust and SysTrust attestation audit can market their systems with a seal.

Industries for SOC 3. Skoda Minotti serves a range of industries that benefit from SOC 3 audits, including:

  • Application Service Providers (ASPs)
  • Software as a Service (SaaS)
  • Third Party Administrators
  • Payroll providers
  • Professional Employer Organizations (PEOs)
  • Collection companies
  • Data center and colocation services
  • Managed service providers
  • ACH processors
  • Health care
  • Financial services

The Trust Framework. The American Institute of CPAs (AICPA) and Canadian Institute of Chartered Accountants (CICA) established the foundation of the Trust Services Framework, which includes:

  • Security. The system is protected against unauthorized access, physical and logical.
  • Availability. The system is available for operation and use as committed or agreed.
  • Processing integrity. System processing is complete, accurate, timely and authorized.
  • Confidentiality. Information designated as confidential is protected as committed or agreed.
  • Privacy. Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.

Trust Evaluation Categories. Criteria are organized in four broad areas and evaluated in the categories of security, availability, processing integrity and confidentiality. The areas include:

  • A (Policies). The entity has defined and documented its policies relevant to the particular principle.
  • B (Communications). The entity has communicated its defined policies to responsible parties and authorized users of the system.
  • C (Procedures). The entity placed in operation procedures to achieve its objectives in accordance with its defined policies.
  • D (Monitoring). The entity monitors the system and takes action to maintain compliance with its defined policies.

Your Guide. Which SOC report does your company need? Download a free reference guide by clicking on the button below.

Questions? Contact Ben Osbrach and he’d be glad to help.

Ben Osbrach, CISSP / CISA / QSA