GoToMyERP Light Logo
Request a Free Quote
reliable cloud-based erp solutions for manufacturing - gotomyerp

Compliance

Choose Cloud Hosting Backed by Independent SOC Audits

Gotomyerp provides cloud hosting services designed to support customers with security, audit, and regulatory requirements. Our hosting environment is independently audited under SOC standards developed by the American Institute of Certified Public Accountants (AICPA), providing third-party assurance over the design and operation of our internal controls.

Independent SOC Audits

SOC (System and Organization Controls) reports are independent attestation reports issued by licensed CPA firms. These reports evaluate how a service provider designs and operates controls related to security, availability, and financial reporting.

SOC reports are not certifications and do not represent a guarantee of security. Instead, they provide an independent auditor’s opinion on whether controls are appropriately designed and, where applicable, operating effectively over time.

SOC 1 Report

A SOC 1 report evaluates controls that are relevant to a customer’s financial reporting.

For cloud hosting providers, this focuses on controls that may impact:

  • Financial data integrity
  • Transaction processing
  • Systems that support financial statements

SOC 1 reports are commonly required by customers subject to financial audits.

SOC 2 Type II Report

A SOC 2 Type II report evaluates how effectively a service provider’s controls operate over time.

The audit assesses controls based on the AICPA Trust Services Criteria, including:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy (when applicable)

Type II reporting means controls are not only designed appropriately, but also tested for operating effectiveness over a defined audit period.

Gotomyerp maintains a SOC 2 Type II attestation to demonstrate that our security and operational controls are independently audited and consistently applied.

SOC 3 Report

A SOC 3 report is a public-use summary derived from a SOC 2 engagement.

It provides:

  • A high-level description of the system
  • The auditor’s overall opinion
  • No sensitive technical or control-level detail

SOC 3 reports are intended for general audiences who want assurance that a provider has undergone an independent SOC audit, without reviewing the full SOC 2 report.

What SOC audits mean for our customers

  • Independent third-party evaluation by licensed CPAs
  • Controls tested against established AICPA criteria
  • Annual audit cycle with documented results
  • Clear, defensible assurance for security and compliance reviews

SOC reports do not guarantee the absence of risk, but they provide independent validation that controls are properly designed and operating as intended.

Support for Regulated Environments

Gotomyerp supports customers operating in regulated industries by implementing security and operational controls aligned with applicable regulatory and contractual requirements.

While compliance obligations ultimately remain the responsibility of the customer, our hosting environment is designed to support audit, governance, and risk management programs across a range of industries.