
Ostendio is the first SaaS company to license AICPA content required for the performance of a SOC 2 engagement

Written by Ostendio | Oct 12, 2022 12:30:00 PM

Arlington, Va. (October 12, 2022, with updates Nov 15, 2022)

Ostendio, Inc., a leading provider of integrated security and risk management solutions, announced its standing as the first and currently only SaaS platform to license SOC 2® content, including the Trust Services Criteria, from the AICPA. The AICPA is an international professional organization of Certified Public Accountants with more than 428,000 members in 130 countries. The AICPA created the SOC 2® report in response to requests from customers and business partners that outsource certain activities to a service organization and need information to understand the systems and controls those service organizations have in place to protect their information. The increasing awareness of the importance of IT security at third parties has led to a significant increase (almost 50%) in the demand for SOC 2® engagements conducted by CPAs.

 

A SOC 2® engagement may only be performed by an independent, licensed CPA firm. However, over the past couple of years, a number of new security platform companies have emerged claiming to offer quick, cheap, automated SOC audits, which often result in low-quality SOC reports. The AICPA has responded by taking a much more stringent line, actively enforcing its copyrights and trademarks and prohibiting security platform organizations from making misleading statements regarding the scope, time, fees, or performance of SOC 2 engagements, as those matters are to be independently determined by the CPAs performing the SOC 2 engagement.

“Ostendio is fully supportive of the actions taken by the AICPA and acted swiftly to obtain the first content license for SOC 2®,” said Grant Elliott, chairman and CEO of Ostendio. “Ostendio meets the needs of serious security professionals by providing access to over 150 compliance frameworks, and today's announcement will help more clients successfully navigate the process for SOC 2 audits.”

Ostendio also recently announced that it is the first SaaS company to be a HITRUST Readiness Licensee. Clients preparing for a HITRUST assessment can build their data security program and prepare for the assessment using a combination of the Ostendio platform and the HITRUST MyCSF platform.


About Ostendio

Ostendio is the only integrated security and risk management platform that leverages the strength of your greatest asset. Your people. Ostendio delivers an easy-to-use, cost-effective platform that allows you to assess risk, create and manage critical policies and procedures, empower your people to be secure with security awareness training, and monitor continuous compliance across 150+ security frameworks. With deep customization, advanced intelligence, and flexible controls, you’re always audit-ready, always secure, and always able to take on what’s next.

The Ostendio platform enables auditors and clients to collaborate on real-time evidence within a single, secure integrated risk management platform. Unlike industry-standard methods of conducting complex audits using disparate and siloed shared drives and spreadsheets, the Ostendio platform provides access to evidence and documents that are always available, easy to update, and optimized for collaboration.

The Ostendio Trust Network™ connects organizations with third-party vendors to help them safely share security information and manage and mitigate risk across the extended enterprise. Ostendio Trust Network members can invite vendors to complete custom risk assessments and share information quickly and in real-time. This allows vendors to demonstrate compliance to their customers and auditors, easing sales processes and reducing compliance burdens. Companies can mandate that vendors share their compliance information directly with them via the Ostendio platform, dramatically reducing the risk of vendor-related data breaches. 

Note: This press release has been modified from the original in collaboration with the AICPA.