SOC1 exercises controls at a service organization relevant to user entities internal control over financial reporting. To provide information to the auditor of a user entity’s financial statements about controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. It enables the user auditor to perform risk assessment procedures, and if a type 2 report is provided, to assess the risk of material misstatement of financial statement assertions affected by the service organization’s processing.
According to American Institute of CPAs (AICPA), all service organization reports operate to enable service organizations “that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant,”. The customers will periodically need to comply with audit requests that come from accounting firms outside, so the results of SOC testing can help make those audits run more smoothly.
Tata Communications is committed to SOC1 standard for its Managed Hosting services.
|Managed Hosting Services||In-Scope services|
|Operating System||Microsoft windows, RHEL, OEL, Solaris, IBM‐AIX, SUSE Linux, Debian Linux, Ubuntu Linux, Cent OS, Fedora|
|Network||VPN Gateway, Load balancer, switches, router|
|Storage/ Backup||Shared and dedicated models, SAN, NAS and FC /iSCSI|
|Database||Oracle, MS-SQL, DB2 or MySQL database administration|
|Middleware||Middleware service is offered on applications including JBOSS; TOMCAT; Apache; WebLogic; WebSphere|
|Load Balancer||Static, Dynamic, Persistent: Radware, Citrix, SLB and GSLB, mSLB and mSLB with SSL off‐load|
|Security||SIEM, DDoS detection & mitigation, firewall monitoring & management, WAF, UTM and network based vUTM – SIGS, Managed and monitoring IDS/IPS, OAuth|