It’s also worth noting that they don’t mention SOC 1 (Statement on Controls). You should look this up on the AICPA website and study it, so that you understand it. Don’t take my word for it, but for the sake of those who want to save time (and put your trust in me), here’s the very simple version of the differences in the three AICPA SOC Audit Reports.
SOC 1
This one has to do with the security of financial information shared between users and the software company (i.e., Fintech). It is relevant for any company handling information that could affect its customers’ financial statements. These “client” companies need assurance that their data is being protected.
This report is for internal use only—it can’t be shared.
Notion likely does not impact a company’s financial statements or information. It’s not an app designed to connect to financial software, so this likely does not apply.
SOC 2
This report is most applicable to businesses with sophisticated customer relationships, which often means digital-services companies. It covers the security, availability, confidentiality, processing integrity, and privacy of client data.
This report is for internal use only—it can’t be shared.
SOC 3
These reports are designed for users who need assurance about a service organization’s controls over security, availability, processing integrity, confidentiality, and privacy, but who do not need the detail of a SOC 2 report. Because they are general-use reports, SOC 3 reports can be freely distributed.
Password security
There are a number of these apps that can be used to keep track of passwords. The two most popular ones are probably LastPass and 1Password, but here’s a list of seven apps that I believe are worth looking into based on my experience:
Here’s a bit about the ones I’ve used or heard about:
- LastPass is what I’ve used for years.
- Dashlane is what I’m currently playing around with, and it’s very similar to LastPass, but has some different features that I like. I may switch, but the jury is still out.
- Keeper Security (not to be confused with Keeper, the monthly closing project management app) came highly recommended to me by one of the members of my 97 & Up program. It was mentioned that both their features and their pricing make it really compelling. If you do check it out, let me know what you think!
I have no experience with any of the others, besides seeing people in the accounting community mention and recommend them in various Facebook groups and forums. If you try any of them and find that you love them, please let me know. I would love to learn more about them.
The term “client” is defined as someone who is under your protection. In the area of security, that’s especially important. You have to protect their information. Security should be at the top of your list of priorities, and what you do should be well-documented to protect everything.
Assume you will be questioned about this at some point, and be prepared to prove that you do everything above and beyond what’s required.