SOC 2 Type 2 Compliance for Accounting and CPA Firms

November 13th, 2020 | IT Security, Security Policies

Aldridge understands the value of protecting your business-critical and client financial data. Just like your firm, we do our best to safeguard this information to protect our reputation, and yours. You need a provider you can trust to continually put security top-of-mind and do so in a way that doesn’t hinder productivity for your firm. We completed the American Institute of CPAs (AICPA)’s Service Organization Control (“SOC 2”) audit and report and received our certification through the MSP Cloud Verify Program™. By doing so, we can provide peace of mind to our clients, and position ourselves to work with other accounting and CPA firms like you.  

We’re not here to educate you on why SOC 2 Type 2 compliance is important for protecting your firm and the clients you serve. You already know the value of safeguarding your business and customer data, but shouldn’t your IT provider feel the same?  

By being in your industry, you’re a high OML company by default.  Your outsourced IT provider shouldn’t be dragging you along, and vice versa. You want an IT provider on your side of the table who can serve as a capable business partner and consultant for your firm. To do so, the IT vendor you choose needs to approach security and processes the same way you do.  

“Maintaining SOC 2 Type 2 compliance keeps our organization focused on our processes and controls to make sure that we practice what we preach. Completing the readiness exercise and audit process required a significant investment of money and time, but it was worth it. The audit helps us confirm that our house is in order and that we continue to implement the same processes and controls that we recommend to our clients.”  

— Patrick Wiley, Aldridge CEO 

The six-month, third-party Trust Factor Security Audit is based on the MSPAlliance Unified Certification Standards for Cloud and Managed Service Providers. We know that if an IT provider cannot complete the SOC 2 Type 2 certification, they are likely not continually implementing and enforcing: 

Obtaining our SOC 2 Type 2 compliance gave us the opportunity to examine and validate our processes surrounding: 

  1. Data security 
  2. Data availability 
  3. Processing integrity 
  4. Confidentiality 
  5. Customer privacy standards 

Completing the SOC 2 compliance is our commitment to ourselves, and our clients, that we will properly secure and protect our valuable business data with everything we do. Overall, the report required our organization to hold ourselves accountable by highlighting any holes in our data governance and security defenses.  

Our SOC 2 Type 2 report provides an up-to-date history of Aldridge’s efforts around: 

  1. Data governance 
  2. Policies and procedures 
  3. Confidentiality, privacy and service transparency 
  4. Change management 
  5. Service operations management 
  6. Information security 
  7. Data management 
  8. Physical security 
  9. Billing and reporting 
  10. Corporate health 

At Aldridge, we work with several accounting and CPA firms. We know that every hour spent on your IT issues and data security is a billable hour lost. You don’t need to spend time worrying if your IT provider is doing what they’re supposed to. By completing the SOC 2 Type 2 certification, we can provide tangible proof that we implement and maintain proper security controls and policies in everything we do. We work with our clients to ensure that they have the technology tools, training, and support they need to protect their business without stalling productivity. To learn more about our IT Outsourcing services, schedule time to speak with an Aldridge representative today.