Why we increased our internal controls to serve our clients

January 3, 2022

On November 20, 2021, GadellNet completed its SOC 2 Type 1 Attestation and we announced it publicly in early December. Obtaining this certification was a months-long process with widescale participation across our entire organization. We’re proud to share more with you about how this hard-earned honor will impact your business.

As many of you know, utilizing a Managed Service Provider (MSP) is an efficient and affordable way for small and medium-sized businesses to optimize technology for their organizations. Working with a subject matter expert, however, does not always guarantee security for your organization. If an MSP does not have the proper security controls in place, their organization is not only at risk, but they could be putting yours at risk, as well. The 2020 Solarwinds security breach is a real example of a cyberattack that compromised the target as well as its clients.

System and Organization Controls (SOC) for Service Organizations are internal control reports created by the American Institute of Certified Public Accountants (AICPA). They are intended to examine the services provided by an organization so that clients, partners, and vendors can assess and address the risk associated with an outsourced service.

There are several important reasons we feel this is important for our organization.  From a practical point of view, pursuing SOC attestation allows us to align more closely with the needs of our clients.  Many of our clients operate in compliance-focused industries like Financial Services, Healthcare, and Software. We also have a number of clients required to assess their own vendor risk, including federal contractors in construction, manufacturing, and services. These requirements quickly flow down to the organization supporting their IT infrastructure – us.

As cybersecurity and formal compliance adherence become an ever-increasing component of running a successful business, our partners are looking to us to set a high bar for protecting their organization.  In February 2021, KSM, a leading advisory, tax, and audit firm, published an article challenging businesses to validate that their technology partners have the right internal controls in place.  Sticking with our Zero Excuses core value, we were proud to work with KSM to complete our SOC 2 Type 1 Attestation.

Finally, there is a competitive advantage gained by our organization when we demonstrate to our clients/potential clients a commitment to compliance regarding security, vendor management, internal controls, etc. Few MSPs in the market have gone through the SOC 2 process, which differentiates GadellNet and allows us to attract more compliance-focused clients. This, in turn, leads us to develop better products and services for our existing clients.

We are expected to complete SOC 2 Type 2 Attestation in Q3 2022.  If you have any questions about SOC 2 Attestation and what it means for your organization, please don’t hesitate to reach out.