SOC 1 and SOC 2

The System and Organization Controls (SOC) framework, developed by the American Institute of Certified Public Accountants (AICPA), is a standard for controls that protects information, which is stored in Sterling™ Order Management System. SOC reports are internal control reports that are generated by Certified Public Accountants (CPAs) after they audit the services provided by a service organization such as Cloud Service Providers (CSPs). SOC reports can help companies assess and address the risks that are associated with vendors who provide an outsourced service.

SOC 1 is an audit of the internal controls at a service organization, implemented to protect client-owned data that is involved in client financial reporting. SOC 1 audits and reports are based on the Statement on Standards for Attestation Engagements (SSAE 18) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402).
SOC 2 audits are based on the AICPA Trust Service Principles and Criteria to gauge service organization internal controls that are implemented to protect customer-owned data. SOC 2 reports provide details about the nature of those internal controls.

Contact your Sale Representative, Onboarding Manager, or your Customer Success Manager (CSM) to request the SOC 1 and SOC 2 reports for Sterling Order Management System.