The world as we knew it has been rocked by the global COVID-19 pandemic and the resulting economic disruption. Organizations of every size are adapting their workforce responsibilities and internal control environments to reflect changes in their operations. This includes vendors and service organizations that provide critical financial and information processing solutions.
Cloud updates and other technology advances have put new pressure on most technology companies—especially Software as a Service (SaaS) companies—to streamline roll-outs of updates and new product offerings. To meet customer needs, and to get features and products released to market faster, SaaS companies are turning to Agile frameworks to implement an iterative software development process and better streamline their updates and development. An Agile framework allows for more real-time testing, development and a faster delivery of product. However, from the perspective of an auditor performing a System and Organization Controls (SOC) examination, the process of gleaning details to determine control design suitability and operating effectiveness within an Agile environment could be a bit more challenging to the typical SOC approach if there’s a lack of documentation.
Service as a Software,
System and Organization Controls,
As the world, organizations and individuals become increasingly more information technology dependent and inter-connected, with other organizations and individuals, cybersecurity poses one of the largest threats in the current operating environment. Extending beyond the information technology sphere, information security incidents and data breaches are a daily occurrence in the news and can do major damage to operations. The recent WannaCry ransomware incident hit hospitals in Great Britain, telecom providers in Spain and major companies in China, the United States and several other countries. It locked users out of critical systems, grinding business—and in the case of the hospitals, patient care—to a halt.
From a cost and efficiency perspective, many large user organizations are choosing to outsource functions or portions of their own service offerings to outside service organizations that specialize in performing that function or service. All signs suggest that this trend towards more outsourcing will persist and the use of service organizations will continue to increase. This has created tremendous opportunities for service organizations of all types, but it also increases user organizations’ risk and exposure.
Service Organization Controls Report,