Big news today! Validis is now SOC 2 compliant. SOC 2 compliance means that third party auditors have verified that Validis follows best practices with respect to security in terms of its infrastructure, software, data, people and procedures.
What is SOC 2?
For those unfamiliar, SOC stands for service organization control. There are three variants of SOC compliance, and SOC 2 is designed for cloud and SaaS companies. The program was created by the American Institute of Certified Public Accountants (AICPA) as a means of improving the reporting of service organizations. SOC 2 emphasizes security and operational metrics based on the five TSPs (Trust Services Principles): security, availability, processing integrity, confidentiality and privacy.
Essentially, SOC 2 is an audit of the company’s technical capabilities and its ability to ensure that data is secure, available and held in confidence. The procedures for ensuring these outcomes must be documented, and to receive certification the company needs to demonstrate that it has effective procedures in place to meet the audit standards.
To pass the audit for SOC 2 compliance, Validis had to demonstrate best security practices in terms of its physical infrastructure, the software that it uses, the personnel involved in governance, the automated and manual processes used, and its data. The audit can only be passed when each of these areas of Validis’s system is compliant with SOC 2 standards.
What does SOC 2 compliance demonstrate?
The audit completed at this time is SOC 2 Type 1. It is an independent validation of Validis’s commitment to meeting customers’ requirements and to implementing a robust compliance program. Specifically, the auditors determined that Validis has been structured according to security best practices from the ground up. Achieving SOC 2 Type 1 requires meticulous documentation of the controls, including, but not limited to:
Secure product development lifecycle
Stringent access control based on the principle of least privilege
Robust logging, monitoring, event correlation, and alerting
Comprehensive vulnerability management with internal and external scans, penetration testing, and code reviews
Extensive employee security awareness training
Validis achieving SOC 2 compliance means that our clients’ data is safe when stored in Validis, and this has been verified by a third party. Being able to pass the SOC 2 audit provides our clients with the highest level of trust with respect to the infrastructure, data, people, software and processes followed by Validis.
The report assures that Validis’s controls were designed and implemented to meet the criteria for:
Security. The system is protected against unauthorized access.
Availability. The system is available for operation and use as committed or agreed.
Confidentiality. Information designated as confidential is protected as committed or agreed.
For more information about SOC 2 compliance, visit the AICPA’s website.