MYTEK Network Solutions has partnered with Lazarus Alliance to undergo an independent AT-101 SOC 2 audit performed under the guidelines of the American Institute of Certified Public Accountants (AICPA).
Scottsdale, AZ, April 10, 2017 (Newswire.com) - Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, announces its partnership with MYTEK Network Solutions, a Phoenix-based IT consulting, custom software development, and IT services company. Lazarus Alliance will perform an independent AT-101 Service Organization Control 2 (SOC 2) audit to ensure that the design and operating effectiveness of MYTEK’s internal controls meet the requirements set forth by AICPA’s Trust Services Principles.
“The AT 101 SOC 2 sets authoritative data security benchmarks for technology service providers. By undergoing an AT 101 SOC 2 audit, MYTEK is demonstrating to its clients that it is committed to exceeding or maintaining those benchmarks,” said Michael Peters, CEO of Lazarus Alliance.
Businesses are coming to expect that their technology partners will undergo independent SOC 2 audits to prove that their systems meet certain information security standards.
Michael Peters, CEO, Lazarus Alliance
As part of the SOC 2 attestation process, the attesting service organization must establish specific information security policies and procedures and document them in writing. Lazarus Alliance is utilizing Continuum GRC’s IT Audit Machine (ITAM), a RegTech software solution that automates governance, risk, and compliance, to help MYTEK with policy development, as well as all other aspects of the SOC 2 audit.
“During an SOC 2 audit, the auditor examines and reports on the service organization’s controls over one or more of the five Trust Services Principles established by AICPA,” explained Peters. “Since every organization’s data environment is different, all five of the Trust Services Principles may not be relevant to them, but figuring out which ones do and don’t apply can be difficult. Our ITAM SaaS platform has built-in SOC 2 modules that help demystify the process, saving the client time and money.”
The SOC 2 is part of the AICPA SOC reporting framework and utilizes the AT-101 professional standard. In contrast with the SSAE 16 SOC 1 report, which focuses on the reporting of financial controls, SOC 2 enables technology service organizations, such as MYTEK, to attest to their adherence to proper data security control procedures and practices. The purpose of releasing an SOC 2 attestation is to convey trust and assurance to the service organization’s clients that the organization has specific controls to effectively mitigate operational and compliance risks associated with the use of its systems.
"As companies increasingly outsource critical business functions to technology service vendors, there is a need for transparency regarding those companies’ data security processes and controls,” Peters noted. “Businesses are coming to expect that their technology partners will undergo independent SOC 2 audits to prove that their systems meet certain information security standards.”
Source: Lazarus Alliance
Share:
