If you are looking to implement new reporting or budgeting software this year, you are most likely focused on which features and capabilities suit your company best and what the price structure looks like. Rightly so: these are important things to consider.
However, one less sexy but equally important aspect that you need to look into is whether or not your chosen reporting or budgeting software vendor is SOC 2 compliant.
What is AICPA SOC 2?
SOC 2 stands for Service and Organization Controls 2. This set of standards was introduced by the American Institute of Certified Public Accountants, or AICPA.
SOC 2 is basically a set of auditing procedures that ensures your chosen software vendor manages your data securely to protect both your organization's interests and your clients'.
So yes, it is important stuff. Why? Because day after day we hear of malware attacks, phishing scams, hacks, and identity theft. It has never been more important to ramp up information security for any organization. The danger is real.
There is a wealth of articles online explaining what SOC 2 means, but to give you an idea, SOC 2 comprises 5 basic trust categories: security, confidentiality, processing integrity, availability, and privacy.
So is this mandatory? The truth is that it is not mandatory for cloud vendors. However, vendors that are serious about protecting your organization's interests and those of your clients will voluntarily comply because they know it is in everyone's best interest.
SOC 2 uses a third-party auditor to verify that controls and safeguards are in place, beyond just looking at the operational effectiveness of the system.
The Good News
The good news is that Epicor Financial Planner (EFP) in the cloud is SOC 2 compliant. In line with EFP's commitment to serious and uncompromising management of information security, EFP has voluntarily complied with AICPA's standards.
It has all the reports and certification to show for it.
So the next time you evaluate reporting and budgeting software, ask your vendor for their SOC 2 compliance certificate. This is the best way to safeguard your business's interests.