Yes, Acumatica initially completed SOC 1 and SOC 2 audits in October of 2016. Each year around September the auditors perform a review and provide a new report describing the attestation of their internal controls.

SOC compliance is important to SaaS customers because they are outsourcing their business applications to a service organisation that has been proven to have the resources (people, process, and technology) to safely, effectively host, and maintain their applications and data. Customers may choose to outsource the operation of their applications, but they are still responsible for establishing effective controls over those outsourced functions. The SOC audit provides verification that a SaaS provider has the controls to monitor, assess, and address the possible risks associated with outsourcing of applications and data. Acumatica has successfully completed the audits for SOC 1 and SOC 2. The two audits are:

  • SOC 1 Report – User Entities’ Internal Control over Financial Reporting
  • SOC 2 Report— Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy