Third-party audit of organizational procedures, policies and standards provide BDI clients with expert assurances for data center security and e-presentment networks.

Los Angeles, CA (February 1, 2012)

Business Date, Inc. (BDI) is pleased to announce the successful completion of its first annual SOC 2 and SOC 3 Type II audit reviews by Marcum, LLP, one of the nation's leading and licensed CPA firms specializing in Service Organization Control (SOC) standards. The audit results detail SOC 2 and SOC 3 compliance and demonstrates our commitment to the highest available standards in support of security, privacy and service on behalf of BDI's clients and business partners nationwide.

SOC 2 and SOC 3 replace SAS 70 as the primary method for providing examiners with detailed information regarding a service organization's security practices, controls, policies and procedures. BDI's SOC 2 and SOC 3 reports are specifically intended to provide your organization with assurance and confidence in BDI's ability to protect your organization's vital information.

WHAT ARE SERVICE ORGANIZATION CONTROL (SOC) REPORTS?

The American Institute of Certified Public Accountants (AICPA) recently released a series of three (3) Service Organization Control (SOC) guides for auditors to utilize when auditing and reporting on controls at service organizations:

SOC 1, otherwise known as the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), replaces SAS 70 as the primary guide for auditing a service organization's controls relevant to a user entity's (customer's) financial statements (e.g. core processors).

• SOC 1, otherwise known as the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), replaces SAS 70 as the primary guide for auditing a service organization's controls relevant to a user entity's (customer's) financial statements (e.g. core processors).

• SOC 2 is based on AT Section 101 of the AICPA professional standards. A SOC 2 report examines controls at a service organization relevant to the security, availability, or processing integrity of a system or the confidentiality or privacy of the information contained in the system (e.g. BDI). These audits are based on the Trust Service Principles, Criteria and Illustrations (AICPA, Technical Practice Aids) established jointly by the AICPA and the Canadian Institute of Chartered Accountants (CICA). A SOC 2 report is intended for existing customers and their auditors, not potential customers or the general public.

• SOC3 is based on the same criteria as specified in SOC2, but the report is intended for general distribution. This report provides a description of the company's internal control system and the "Independent Practitioner's Trust Services Report." CICA issues the SOC 3: SysTrust for Service Organization seal, which is linked to the company's website, after the successful completion of the SOC 3 examination. This seal recognizes that the organization's controls meet the pre-established criteria established by AICPA and CICA.

TYPE I AND TYPE II REPORTS

In any SOC engagement, the auditor provides a Type I or a Type II report. Type I reports document an auditor's opinion regarding the accuracy, completeness and suitable design of an organization's controls as of a set date. Type II reports audit the implementation of these controls over a set period of time, typically 6 months to a year, with sample testing of each controls' operating effectiveness during the defined period.

IS BDI CERTIFIED?

BDI successfully completed a SOC 2 and SOC 3 Type II audit review on November 30, 2011. This audit covers the June 1, 2010 - August 31, 2011 reporting period. According to the AICPA, there is no "Certified" designation.

FOR MORE INFORMATION

Look for new information to be posted and referenced on our website or contact us directly if you have any questions.