Clicky

How Hillary Clinton’s Email Scandal Highlights the Importance of a SOC Audit | Assure Professional
Call Us Today!1-888-605-9848

Blog - How Hillary Clinton’s Email Scandal Highlights the Importance of a SOC Audit

Learn more about the latest news and information regarding audits, accounting, and IT consulting for various industries in our blog, reports, and whitepapers.

You are here

How Hillary Clinton’s Email Scandal Highlights the Importance of a SOC Audit

08/19
2015
Author: 
administrator

So this week we found out the server Hillary Clinton used for her personal email account was stored in a bathroom closet.  If she requested Platte River Networks to undergo a SSAE16/Service Organization Control (SOC 1 or SOC 2) audit, chances are she would not have moved forward with the company.  Using personal email as the Secretary of State would likely still make headlines.  However, if the firm she chose to work with passed the extensive audit process we would at least have some peace of mind the company provided service in a reliable, accurate, confidential and secure way to protect classified government data. 

When you request an outsourced service organization to complete a SOC audit, auditors dissect particular areas of the business to ensure they are meeting certain standards.  Common areas of review include:

  • PHYSICAL SECURITY - Are your facilities properly secured?  (I don't believe a bathroom closet would have passed the test).
  • DISASTER RECOVERY - In the event of a disaster, would you be able to retrieve information from the data back-ups and continue operations? (Questionable at this point if Clinton's emails were backed up)
  • ENVIRONMENTAL - Do you maintain an appropriate environment for equipment (e.g. proper HVAC and fire suppression systems)?
  • DATA ACCESS - Are security settings in place to prevent unauthorized access to client systems and information? (Again, the server was in a bathroom closet...)
  • PROCESSING INTEGRITY - Are quality procedures in place to verify that information processed was completed correctly?
  • ORGANIZATION & HR - Do managers provide proper oversight and are employees qualified for their positions?

The big takeaway from servergate is business owners (regardless of political affiliation) should be asking their service organization provider if they are SSAE16/SOC compliant.  If they are not, request them to undergo an audit before proceeding with the relationship.

 

Recent Blogs

S*%t I'd Rather be Doing Other than Accounting Part Deux ... Read More
SSAE 18 ... Read More
S*%t I'd Rather be Doing Other than Accounting ... Read More
I AM A START UP/EARLY STAGE COMPANY…WHEN SHOULD I ENGAGE THE HELP OF AN ACCOUNTING FIRM? ... Read More
Vetting Your Target Pre LOI ... Read More