One of the discussions brought up at this year’s AICPA Service Organization Controls (SOC) School was the issue of cloud computing and the effects it has on industries that are subjected to a SOC 1 or SOC 2 audit. When it comes to cloud computing, subservice organizations may be involved in providing the operations that a service organization might perform. This relationship is where the service organization and user entity could find themselves at risk.
As experienced service auditors, we are able to look at the risks involved with the subservice organizations footprint and determine the best course of action for our service organization, i.e. our clients.