Salient Corporation Receives SOC 2 Type II
After a rigorous evaluation and examination process, Salient is thrilled to announce the successful completion of a SOC 2 examination, formally known as a Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The examination was performed by an independent CPA firm for the scope of service described below.
Examination Scope: Salient Client Hosted Environments and Internal Corporate Server Environment
Selected SOC 2 Categories: Security, Availability and Confidentiality
Examination Type: Type 2
Review Date / Period: October 1, 2018, to September 30, 2019
Service Auditor: Schellman & Company, LLC
The completion of this engagement provides evidence that Salient has a strong commitment to deliver high quality services to our clients by demonstrating that we have the necessary internal controls and processes in place. The report verifies the suitability of the design and operating effectiveness of Salient’s controls to meet the standards for the selected principles and associated criteria.
The examination process evaluated every aspect of our business, from accessing the building, employees' devices, data management of the client hosted environments, and server network monitoring to employee on-boarding and continuous training. Security is a key component in our success. It's imperative for us to provide our clients with solutions that adhere to the highest standards. Completion of an annual SOC 2 engagement confirms our commitment to the most rigorous security, availability and confidentiality standards and procedures in the industry.
“Our clients, partners and users rely on us to provide the highest standards of security, availability, and confidentiality. Successfully completing our SOC 2 Type II examination is just another way we can show them how seriously we take that responsibility.” Melissa Elliott, Salient Information Security Officer
SOC 2 Background Information
- By engaging an independent CPA to examine and report on a service organization's controls, service organizations can meet the needs of their user entities and obtain an objective evaluation of the effectiveness of controls that address operations and compliance, as well as financial reporting at those user entities. To provide the framework for CPAs to examine controls and to help management understand the related risks, the AICPA has established three Service Organization Control (SOC) reporting options for service organizations. The three types of SOC reports within the structure are as follows:
  - SOC 1 – Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting
  - SOC 2 – Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
  - SOC 3 – Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
- SOC 2 reports are attestation reports that opine on controls at a service organization relevant to the security, availability, or processing integrity of a system (security, availability, and/or processing integrity principles) or the confidentiality or privacy of the information processed for the user entities (confidentiality or privacy principles). SOC 2 reports are an alternative to SOC 1 examinations, which may only opine on a service organization’s controls that are likely to be relevant to user entities’ internal controls over financial reporting.
- There are five Trust Services principles that a service organization may opt to be evaluated against as part of any SOC 2 examination. The service organization may select any combination of the following principles:
  - Security – The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
  - Availability – The system is available for operation and use to meet the entity’s commitments and system requirements.
  - Processing Integrity – System processing is complete, valid, accurate, timely, and authorized to meet the entity’s commitments and system requirements.
  - Confidentiality – Information designated as confidential is protected to meet the entity’s commitments and system requirements.
  - Privacy – Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s commitments and system requirements.
The specific Trust Services principles selected by Salient Corporation are described above.
- SOC 2 examinations may only be performed by a licensed CPA firm.
- SOC 2 reports are restricted use reports, which means that the authorized users of the report are generally management of Salient Corporation, user entities (clients) of the services provided by Salient Corporation during the time period of the examination, prospective user entities, independent auditors of these user entities, and other parties who have sufficient knowledge and understanding of Salient Corporation’s services covered by the SOC 2 report. To request a report from Salient Corporation, please email firstname.lastname@example.org.
- There are two types of SOC 2 examinations. SOC 2 reports that opine on management’s description of a service organization’s system and the suitability of the design of controls are referred to as “Type 1” reports. These examinations always have a review date. SOC 2 reports that opine on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls are referred to as “Type 2” reports. These examinations always have a review period.