SOC Case Study – Information Technology Services

Primary Contact: Eric M. Wright CPA, CITP

Schneider Downs completed a Service Organization (SOC) report for a leading provider of remote database administration, operating system and Oracle EBS support services. 

The client provides around-the-clock support for all major database products, including Oracle, SQL Server, DB2, MYSQL and Oracle EBS and also provides operating system support for all major variations of the UNIX and LINUX operating systems.  The Director of Customer Value and Service Delivery shared his thoughts with Schneider Downs on the SOC report:

Why did you want a Service Organization Control Report?

Database administrators, by the very nature of their profession, are the protectors of an organization’s critical database assets.  When a mission-critical application becomes unavailable, it can threaten the survivability of a business.  The financial impact of downtime is not the only issue that companies face when critical applications are offline.  Loss of customer goodwill, bad press and legal penalties can all damage a company’s reputation.  As a result, the quality of our work must be without question.  One of the first questions prospective customers ask is if we have a SOC report.  The SOC report provides potential and existing customers with the peace of mind knowing that our support activities have been reviewed by an independent organization that specializes in measuring service quality.  It is extremely beneficial to attracting new customers and keeping existing customers happy.

Why did you choose to partner with Schneider Downs for your SOC report?

We wanted a company that had extensive experience in providing SOC auditing and reporting experience.  In addition, we were looking for an organization that possessed an excellent reputation for these types of services.  The reputation of the firm providing the SOC audits is extremely important to the credibility of the report.  Having a firm like Schneider Downs work with us on our SOC report provided our organization with the level of credibility that we wanted.

Can you describe your experience with Schneider Downs?

Schneider Downs’ engagement team was extremely knowledgeable about the entire process. Our organization spent many hours reviewing SOC information before we selected Schneider Downs. What I found out during Schneider Downs’ first visit was how much we truly didn’t know about the SOC process. The engagement team took the time to educate us from the top down. They worked with us to identify what operational activities were truly important to the quality of service we provide to our customers.

They also provided advice on the processes and reports that would be required to measure the quality of these services. Security is of the utmost importance to our organization. Schneider Downs knew that coming in, and worked with us to create a set of measures to evaluate not only service delivery quality but service delivery security.

Schneider Downs clearly stated all deadlines and timeframes in both verbal and written communications. They described all of the stages that were involved in the audit process. My organization clearly understood where Schneider Downs was in the analysis, evaluation and reporting stages.

The SOC-1 report exactly met our needs. Schneider Downs did an excellent job during the initial stages of the engagement to educate us about what operations were important to be audited, why they were important and how to effectively measure them.  Schneider Downs then reviewed our measurement processes to ensure accuracy. They quickly “learned our business,” which was very beneficial to the process. We have had numerous customers’ auditing departments review our SOC-1 report with no questions asked.

How has your SOC report process been beneficial?

The SOC report process has been extremely beneficial to our organization. Although we knew we provided high-quality service to our customers, creating additional measurements allowed us to further increase the quality of our support processes.  Every prospective customer asks us if we have a SOC report. The SOC1 process has been the most beneficial project we have undertaken. Every service delivery organization should have a third party perform an in-depth review of its support processes.

Schneider Downs SOC Services

About Schneider Downs SOC Services

Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at SOC.

Get the weekly newsletter with our most recent columns and relevant insights to you.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.