The operations supporting ADP's SmartCompliance Tax Credits module have successfully completed its first Service Organization Controls (SOC) 2 Type 1 audit, the company announced today. This certification helps provide assurance to existing and prospective clients regarding operations controls relevant to security, availability, processing integrity, confidentiality and privacy.
The SOC 2 examination was conducted by an independent third-party auditor, which issued an unqualified opinion stating that controls implemented by ADP’s Tax Credits business are suitably designed to provide reasonable assurance that the prescribed criteria would be met for the five Trust Services Principles as defined by the American Institute of Certified Public Accountants. ADP research indicates that its Tax Credits business is the first to complete a SOC 2 audit.
“Our clients place a great deal of trust in us to protect and properly handle sensitive information on their behalf,” said Jeanne Madden, vice president of operations supporting the ADP SmartCompliance Tax Credits module. “This SOC 2 report, in addition to the SOC 1 audit, demonstrates ADP Tax Credits’ commitment and dedication to operational excellence. The SOC 1 and SOC 2 exemplify industry-leading standards that we always strive to uphold, and on which we will continue to build.”
ADP’s Tax Credits business has completed SOC 1 Type 2 audits (formerly SAS 70) each year since 2005, and has now completed a SOC 2 audit as well, which is a widely recognized, thorough examination of a service organization’s standards and controls around the following five Trust Services Principles:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and Canadian Institute of Chartered Accountants (CICA).