Marco announced it has completed a SOC 2 Type 2 examination of the Managed IT and Managed Print Services based on the Trust Services Criteria relevant to security and availability set forth in the TSP Section 100, 2017 Trust Services Criteria.
SOC, short for System and Organisation Controls, is a programme established by the American Institute of Certified Public Accountants to evaluate service providers based on key criteria. Completing a SOC 2 Type 2 is a significant goal for many managed service providers.
Obtaining a SOC 2 Report required an engagement by an independent public accounting firm to verify that Marco’s management has implemented an internal control system that, in all material respects, achieves their security and availability commitments to protect client data.
“Achieving a SOC 2 Type 2 Report was a major undertaking and required significant effort across all areas of Marco,” said Mike Burgard, Chief Information Security Officer at Marco. “We are proud to have completed a SOC 2 Report for the benefit of our clients. It further shows our dedication to security and provides additional validation that we practice what we preach.”
There are two types of SOC 2 examinations, including a SOC 2 Type 1 Report and a SOC 2 Type 2 Report. While a Type 1 Report evaluates an organisation on whether controls were designed to meet commitments and criteria at a point in time, a Type 2 Report evaluates an organization on whether controls were designed and operated effectively during a defined period.
“Many Managed Service Providers achieve a SOC 2 Type 1 Report,” Burgard said. “Few attain the SOC 2 Type 2 report that assesses the operation of our controls over a period of time.”
SOC 2 attestation is designed for businesses that manage customer data and systems.
“This report establishes trust and confidence that our internal controls were designed and operated effectively to protect our clients,” Burgard said. “A growing number of organisations are requiring a SOC 2 report as a minimum standard when selecting a service provider, especially in regulated industries such as health care and finance.”
The American Institute of Certified Public Accountants established the SOC internal control frameworks standards. Marco’s SOC 2 Type 2 was conducted by RSM US, LLP, one of the Top 10 public accounting firms in the United States. Marco’s SOC 2 Type 2 was based on the Trust Services Criteria for security and availability.
