I would request the SOC 1. One can still gain insight into the Service Organization's security and transaction processing controls, even if the emphasis is on controls over financial reporting.
|
|
Howard Glassman | Senior Project Planner I
RAD- Research and Innovation, Vendor Analytics
|
====================
This email/fax message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution of this
email/fax is prohibited. If you are not the intended recipient, please
destroy all paper and electronic copies of the original message.
Original Message:
Sent: 8/14/2023 2:55:00 PM
From: Tanya Dunaway
Subject: RE: Insurance Companies SOC 2 Due Diligence
The agreement/contract states they don't have a SOC 2. They only have a SOC 1.
Original Message:
Sent: 08-14-2023 01:12 PM
From: Howard Glassman
Subject: Insurance Companies SOC 2 Due Diligence
Hi,
Please check your agreement with the insurance company regarding audit rights. At a minimum, the agreement should specify that upon request, you should be able to obtain a SOC 2 report. If your current agreement does not specify audit rights, then I would suggest that you pursue a contract amendment to obtain those rights.
|
|
Howard Glassman | Senior Project Planner I
RAD- Research and Innovation, Vendor Analytics
|
Original Message:
Sent: 8/14/2023 12:28:00 PM
From: Anonymous Member
Subject: Insurance Companies SOC 2 Due Diligence
This message was posted by a user wishing to remain anonymous
I'm having trouble obtaining a SOC 2 for an insurance company we use those tracks insurances on auto loans. Is this an industry trend? I would think they would have some type of document by a third party as they have a lot of NPI.