Consolidation Corner

Don’t forget about your service provider’s internal security

Posted by Mike Goode on Dec 10, 2015 8:53:38 AM

With attention-grabbing headlines about major security breaches occurring almost daily, plan sponsors need to be assured that their service providers are on guard 24-7, protecting sensitive information and intellectual property, wherever it may reside.

One sign that a service provider has a strong commitment to security and controls is SOC certification, which results from successful Service Organization Controls (SOC) examinations. SOC examinations are conducted in accordance with attestation standards established by the American Institute of CPAs (AICPA), and are designed to provide comfort that a service organization meets key security principles, validated through an independent service audit.

Protect Sensitive Information, In Whatever State It Resides

It’s important to understand that sensitive information and intellectual property don’t just reside on a storage device or on a piece of paper. Data can be in use, in motion or at rest, and it’s critical for a service provider to understand each of the states in which it resides and to formulate protective measures for every one of them, including:

  • In use: Actions such as copying data to a storage device or printing it
  • In motion: Network communications such as email, web traffic and instant messaging
  • At rest: Data stored in file shares or on users’ drives or devices

Kicking the Tires of Your Service Provider’s Internal Security

Once we understand the different states of data, we can formulate and implement specific protective security measures for each of them.

Here is an important (but by no means exhaustive) list of some of the internal measures we believe are critical for all service providers to adopt, and that we’ve taken care to effectively implement throughout our organization.

Topics: Security

SOC Examinations Designed To Provide Comfort

Posted by Mike Goode on Jul 16, 2015 4:23:00 PM

Gaining Comfort That an External Plan Service Provider Has Adequate Security and Controls

Say you’re a plan sponsor, and you’re using (or seeking to use) external services for:

Question: What gold-standard certification is going to give you comfort that your provider-of-choice meets the highest standards of excellence for transactional controls, security, availability, confidentiality and privacy?

Answer: Service Organization Controls (SOC) examinations. SOC examinations are conducted in accordance with attestation standards established by the American Institute of CPAs (AICPA), and are designed to provide comfort that service organizations meet the key principles identified above, through an independent service audit. A “system” is broadly defined: it comprises the infrastructure, people, procedures and data used to deliver the services provided, and it encompasses information and asset security.

Topics: Security
