SOC Case Study – Information Technology Services SOC 2

Primary Contact: Eric M. Wright CPA, CITP

Schneider Downs completed a Service Organization (SOC) Type 2 report for a leading SaaS provider that empowers retailers and manufacturers to drive new product success by introducing the right new products at the right price.

The client offers a cloud-based software solution that gives retailers and manufacturers insight into expected product performance and optimal entry price points for new items that have no sales history, all within 48-72 hours.  Retailers and brands use the solution to develop, select, and price more winning products.

The client uses a scalable platform that enables thousands of consumers to evaluate hundreds of new products through online games that are presented via social media, websites, emails, and on mobile devices.  The predictive analytic solution filters and weighs consumer input, ensuring that clients are listening to the right consumers.  The results have been 3%-9% gains in sales and margin dollars for all customers. The Chief Technology Officer shared her thoughts with Schneider Downs on the SOC 2 Type 2 report:

Why is the SOC 2 Type 2 report valuable from your customers’ perspective?

Because we are a SaaS solution, it is important for our customers to know we have sufficient controls in place to ensure that we are managing the information they provide us in a secure and business-appropriate manner. The SOC 2 principles and criteria provide a standard framework for us to demonstrate evidence of our controls without our customers having to conduct their own due diligence audit on our systems.

How has the SOC 2 report process added to the Security and Processing Integrity of your SaaS offering?

It mobilized our company to think about the best practices for managing inputs into our solution, monitoring consumer engagement activities, and producing customer results from our systems, and to develop Policies and Procedures that encourage those best practices and mitigate risk. The Policies and Procedures related to Security and Processing Integrity we have developed have also simplified new hire training, as it was easier to develop training materials and track compliance.

Can you describe your experience with Schneider Downs?

Schneider Downs was professional and knowledgeable and worked with us from a point of view wanting us to succeed. They worked hard to understand our business and worked with us to develop controls that made sense for our company. They challenged us when necessary and they helped us ultimately build a framework that made us better as a company. I look forward to working with them again on the next testing phase.

Schneider Downs SOC Services

About Schneider Downs SOC Services

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at SOC.
