SOC 2 Compliance: What You Need to Know

THE RESILIENT ENTERPRISE | THE RISKMETHODS BLOG

Trust and transparency. Companies that rely on cloud-based services need to know their data is safe, and the technology secure. Now, an independent body has verified the rigorous IT-security practices and controls at riskmethods. We rocked the SOC! Read on to learn what this means for you.

With the System and Organization Controls 2 Type 2 audit now successfully behind us, riskmethods clearly and proudly demonstrates SOC 2 Type 2 compliance in all aspects of security practices and controls. Our customers know that they can rely on our security, availability, processing integrity, confidentiality, and privacy.  

Yet what does SOC 2 compliance mean for you? Our securITy rockstars, Nasim Al-Tamimi, riskmethods Chief Technology Officer, and Robert Ibisch, riskmethods Chief Information Security Officer, took us on a backstage tour of the topic.

1. What is SOC 2?

SOC 2 is an audit conducted by an independent auditing firm, across five categories called Trust Services Criteria. The five categories, and their key aspects, are: 

  • Security refers to protection of information throughout its lifecycle 
  • Availability involves performance monitoring, disaster recovery, and security-incident handling 
  • Processing Integrity focuses on ensuring that data is processed in a predictable manner, free of accidental or unexplained errors 
  • Confidentiality covers the ability to protect confidential information throughout its lifecycle, including collection, processing, and disposal 
  • Privacy focuses on Personally Identifiable Information (PII) 

The auditor evaluates the evidence we supply for the controls in each category. When completed, we receive the official SOC 2 report that assures our customers and business partners that their data is handled securely.   

2. How does SOC 2 compliance affect riskmethods customers?

Specifically, SOC 2 evaluates the organization’s technical management. It assures that our customers’ data is handled securely. At the same time, it verifies that the infrastructure, policies, procedures, and systems we have in place protect customer data within our company’s operational processes, as well as within The riskmethods Solution™.

3. Why is SOC 2 compliance important?

What is key is that an independent party verifies all the critical aspects of data security mentioned. The auditor provides an independent opinion, and proof that we have been consistent in following the standards. riskmethods proactively protects the IT-security of our customers and their data. For example:


  • Improved information security practices: riskmethods defends itself effectively against cyberattacks and prevents breaches 
  • Worry-free integration: Our technology and security meet the requirements of IT departments who integrate The riskmethods Solution 
  • Safe data: Customer information and data is hosted and handled securely 

4. What are the requirements?

SOC 2 Type 2 has a set of over 300 requirements and controls in the categories of security, availability, processing integrity, confidentiality, and privacy. In addition to verifying the infrastructure, software, people, policies, and procedures, the auditor gathers evidence of how we apply each and every one of those requirements and controls during the review period.

5. What is the difference between SOC 1 and SOC 2?

Originally established by the American Institute of Certified Public Accountants, the SOC framework is increasingly recognized globally. SOC 1 is very focused on the operational financial health of an entity. It is used as a single indicator of a company’s capability to operate. In comparison, SOC 2 is a more comprehensive audit for SaaS companies and solutions. As described, it covers the data-handling aspects of security, availability, processing integrity, confidentiality, and privacy. We opted for all of these in our audit.

6. What does Type 2 refer to?

The Type 2 audit covers a 12-month interval. In other words, Type 2 has an annual recurrence, covering how the SaaS company operated throughout the year. Type 1 is performed only once. This one-off audit might even cover the work of just one day!

7. Anything else riskmethods customers need to know about SOC 2?

This is not new to us! We have long implemented all of those procedures, policies, and controls. This compliance audit enables us to prove that we have been following and practicing the right procedures and controls.  

We value transparency, so we can earn our customers’ trust. Through SOC 2 Type 2 compliance, we can prove we are an IT and cloud-service provider who uses verified information-security practices to ensure operational and security excellence. 

Our securITy rockstars

Robert Ibisch, riskmethods Chief Information Security Officer

Nasim Al-Tamimi, riskmethods Chief Technology Officer
