CV_MayJun_23

Communications Service Providers Should Be SOC Certified 38 CHANNELVISION | MAY – JUNE 2023 The ancient proverb of the “cobbler’s children have no shoes because he is too busy making shoes for other people” means that people or businesses do not benefit or practice internally what they sell or service. This is especially true today in our industry with network security. Partners should ask their carriers/ communications service providers (CSP) about how they handle customer information and manage internal network security. Partners must offer an everexpanding variety of communications solutions to meet their customers’ demands. Many of these solutions require the carrier/CSP to meet specific industry compliance requirements such as healthcare (HIPAA) or financial services (PCI DSS). Customers in these industries cannot accept network solutions from CSPs that do not meet their industry standards. Just as a business uses outside accounting firms with CPAs for financial auditing to measure and grade a business’ financial condition, we now have outside organizations that audit and measure network security through a suite of reports called System and Organization Controls (SOC). SOC certification is a widely recognized framework for evaluating and reporting on the controls and processes of service organizations. It was developed by the American Institute of Certified Public Accountants (AICPA) and provides assurance on the security, availability, processing integrity, confidentiality and privacy of customer data. There are several reasons (in addition to compliance requirements) why customers and partners need to work with SOC certified organizations: • Data security: SOC certification demonstrates that a company has implemented strong data security controls and measures. This can help build trust with clients and partners, especially when dealing with sensitive information. • Risk mitigation: SOC certification involves an independent audit of controls and processes, helping to identify and mitigate potential risks. This can enhance the overall risk management practices of an organization. • Competitive advantage: SOC certification sets the carrier/CSP apart from competitors that may not have undergone the same level of scrutiny. It demonstrates a commitment to security and compliance, which can be attractive to both the partner and its customer. • Client expectations: Some clients or business partners may specifically require their vendors or service providers to be SOC certified. Working with certified companies can simplify the procurement process and meet client expectations. These certifications help demonstrate a carrier/CSP’s commitment to security and compliance to their customers, partners and regulatory bodies. There are three types of SOC reports: • SOC 1: This report focuses on the internal controls over financial reporting. It is relevant for carriers that provide services that impact their customers’ financial reporting, such as billing systems. • SOC 2: This report evaluates a service organization’s controls based on the AICPA Trust Services Criteria. It covers security, availability, processing integrity, confidentiality and privacy. SOC 2 reports are commonly sought after by telecom carriers to assure their customers of their commitment to protecting sensitive data and providing reliable services. • SOC 3: This is a general-use report that provides a high-level summary of the organization’s controls. It is designed for public distribution and can be used to demonstrate the organization’s commitment to security and compliance without sharing detailed control descriptions. Obtaining SOC certification involves undergoing a rigorous audit process conducted by independent third-party auditors. The auditors assess the design and effectiveness of the organization’s controls and provide an opinion on their adequacy. This involves changing the way every employee uses network resources and manages customer data. It takes time and a considerable effort to be SOC certified and is a never-ending process of learning, reporting, reacting and securing the network and customer data. Team NHC has devoted a couple of years to changing and adapting our systems and operational culture to be SOC certified so we can respond to any industry or regulatory requirements. This is another reason to work with NHC in addition to our STACK solutions and our total commitment to the customer and partner experience. Glen Nelson is a 40 year veteran of the telecommunications industry and is co-founder, VP marketing & business development at NHC, The Communications Stack Provider and one of the largest partner-exclusive network resellers in North America. By Glen Nelson

RkJQdWJsaXNoZXIy NTg4Njc=