SOC 1 and SOC 2

The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protects information, which is stored in Sterling Order Management System. SOC reports are internal control reports that are generated by Certified Public Accountants (CPAs) after they audit the services provided by a service organization such as Cloud Service Providers (CSPs). SOC reports can help companies assess and address the risks that are associated with vendors who provide an outsourced service.

SOC 1 is an audit of the internal controls at a service organization, implemented to protect client-owned data that is involved in client financial reporting. SOC 1 audits and reports are based on the Statement on Standards for Attestation Engagements (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402).
SOC 2 audits are based on the AICPA Trust Service Principles and Criteria to gauge service organization internal controls that are implemented to protect customer-owned data. SOC 2 reports provide details about the nature of those internal controls.

Contact your Sale Representative, Onboarding Manager, or your Customer Success Manager (CSM) to request the SOC 1 and SOC 2 reports for Sterling Order Management System.