LeaseWorks SOC 1, Type II Certification
Service and Organization Controls (SOC) reports are independent third-party examination reports that demonstrate how service providers achieve key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the controls LeaseWorks or any other provider has established to support operations and compliance.
Why is SOC compliance important?
Increasingly, businesses outsource basic functions, such as data storage and access to applications, to cloud service providers (CSPs) and other service organizations. In response, the American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.
Types of SOC Audits and Reports
Service audits based on the SOC framework fall into two categories — SOC 1 and SOC 2, with both audits coming also in two variations—Type 1 and Type 2. A Type 2 audit is more rigorous as it’s based on the testing of controls over a duration of time versus a particular point in time measured by a Type 1 audit.
Publicly-traded companies, or those with financial stakeholders behind them, typically require their providers to undergo a SOC 1 audit with a Type 2 report. At the conclusion of a SOC 1 Type 2 audit, the service auditor renders an opinion in a SOC 1 Type 2 report, which describes the CSP's system and assesses the fairness of the CSP's description of its controls. It also evaluates whether the CSP's controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period. In brief, a SOC report is the compendium of safeguards built within the service organization’s processes and is also an externally-audited check if those safeguards work or not.
LeaseWorks and SOC Certification
As a cloud-based SaaS provider for lessors and airlines that lease aircraft, LeaseWorks takes data safety and security very seriously. We have advanced operational controls in place to maintain that security and give our customers the peace of mind that we take the protection of their data as seriously as they do.
LeaseWorks services are audited regularly against the SOC reporting framework by independent third-party auditors. The SOC audit for LeaseWorks cloud services covers controls for data security, availability, processing integrity, and confidentiality as applicable to trust principles for each service.
LeaseWorks has achieved SOC 1 Type 2 reports since December 2018. In general, the availability of SOC 1 reports is restricted to customers or prospects who have signed nondisclosure agreements with LeaseWorks. The primary purpose of the report is to provide information to customers about LeaseWorks’ control environment that may be relevant to their internal controls over financial reporting.