SOC Reports: How to Screen for Effective Service Vendors

Ryan Richison
September 16, 2020

Distinguishing Dependable Vendors is Difficult

Not all service vendors are created equally. Any company that has been burned by an unreliable service vendor can attest to the importance of hiring trustworthy third parties. In the oil and gas industry, for example, operators on the hunt for a reliable SCADA system may find it difficult to tell SCADA providers with proven processes from those without. A vendor’s systems and processes, or lack thereof, can mean the difference between having a trusted, long-term partner and counting down the days until the contract term expires.

Vetting is Not Enough

In today’s oil and gas industry climate, operators must vet potential vendors rigorously. Oil and gas operators simply cannot afford to enter into long-term contracts with ineffectual vendors. Operators need a better screening method than ‘trusting their gut.’

Compelling sales pitches and convincing customer testimonials can offer only superficial evidence of a service provider’s competence. When a service company begins wooing a prospect, no amount of due diligence can provide assurance of effective internal processes or the security of private information. Asking the right questions cannot provide enough evidence of a company’s operational compliance and reliability.

The Importance of the SOC Audit

To support and accelerate the vendor vetting process, the American Institute of CPAs (AICPA) created a standardized reporting system to assess a service vendor’s internal controls. The demand for System and Organization Controls (SOC) reports is fueled by the growing need to outsource services to third-party companies. The SOC report presents a detailed dissection of the controls associated with servicing customers. At the conclusion of a SOC audit, a comprehensive SOC report is compiled, detailing the effectiveness of a company’s controls.

As a SCADA system provider to upstream and midstream operators, eLynx Technologies LLC recognizes the need to provide assurance and confidence concerning the privacy and protection of customer data. Consequently, eLynx completed the SOC audit with BKD, LLP, one of the largest accounting and advisory firms in the United States. eLynx’s SOC report explains in-depth the established internal controls and procedures involved in providing SCADA products to the oil and gas industry.

Spotting the Red Flags

Completing the SOC audit provides an opportunity for service vendors to build trust within an industry community. While a vendor is courting prospects, operators should note the absence of SOC reports as a major red flag. Whether it is a SCADA system provider or a CRM software company, service organizations that do not offer SOC reports are exposing their customers to greater risk.

Sign Contracts with Confidence

While service vendors are not created equally, they do have an equal opportunity to provide customers with proof of effective internal controls by completing a SOC audit and sharing the SOC report with prospects and customers. Ex-vendors can be a bitter reminder of past, failed relationships and can often trigger noncommittal tendencies. Vetting helps determine a vendor’s value, but the SOC report can provide comfort and peace of mind.

eLynx Technologies’ SOC report proactively assures prospects and customers that eLynx operates with established internal controls regarding information security and customer data processing. When considering a SCADA provider, oil and gas companies can quickly identify a trusted service partner by the completion or absence of a SOC report. Operators can engage in long-term contracts with confidence, knowing full well they will not be anticipating a contract term countdown.
