Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Insurance Companies SOC 2 Due Diligence

    This message was posted by a user wishing to remain anonymous
    Posted 08-14-2023 11:00 AM
    This message was posted by a user wishing to remain anonymous

    I'm having trouble obtaining a SOC 2 for an insurance company we use those tracks insurances on auto loans. Is this an industry trend? I would think they would have some type of document by a third party as they have a lot of NPI. 



  • 2.  RE: Insurance Companies SOC 2 Due Diligence

    Posted 08-14-2023 11:35 AM

    Hi,

    Please check your agreement with the insurance company regarding audit rights.  At a minimum, the agreement should specify that upon request, you should be able to obtain a SOC 2 report.  If your current agreement does not specify audit rights, then I would suggest that you pursue a contract amendment to obtain those rights.

     

     

    Howard Glassman | Senior Project Planner I
    RAD- Research and Innovation, Vendor Analytics






  • 3.  RE: Insurance Companies SOC 2 Due Diligence

    Posted 08-14-2023 12:55 PM

    The agreement/contract states they don't have a SOC 2. They only have a SOC 1. 


    Original Message


  • 4.  RE: Insurance Companies SOC 2 Due Diligence

    Posted 08-15-2023 06:45 AM

    I would request the SOC 1.   One can still gain insight into the Service Organization's security and transaction processing controls, even if the emphasis is on controls over financial reporting.

     

     

    Howard Glassman | Senior Project Planner I
    RAD- Research and Innovation, Vendor Analytics

     

     

    ====================
    This email/fax message is for the sole use of the intended
    recipient(s) and may contain confidential and privileged information.
    Any unauthorized review, use, disclosure or distribution of this
    email/fax is prohibited. If you are not the intended recipient, please
    destroy all paper and electronic copies of the original message.




    Original Message