What is the SOC 2 report?
SOC 2 is a voluntary compliance standard for service organizations developed by the American Institute of Certified Public Accountants (AICPA). The standard sets out certain security requirements for how service organizations should manage customer data. The SOC report provides valuable information about the audited company’s security infrastructure, internal controls, and governance, which can be used to further mitigate risk, improve systems, and improve compliance readiness. There are two types of SOC 2 reports:
Type I describes the organization’s systems and whether the system design complies with the relevant trust principles.
Type II describes the operational efficiency of the systems.
Fancy lingo aside, the SOC 2 report provides organizations and their partners, suppliers, and customers with critical information about how the organization manages and secures data.
What does the SOC 2 Type 1 mean for NordPass Business?
Earlier this year, NordPass Business’ Information Security Management System received the ISO/IEC 27001:2017 certification. This certification ensures that we continuously improve, develop, and implement proper security measures and that these processes are efficient and effective.
The SOC 2 Type 1 audit was the logical next step in our effort to assure our customers that their data is secure while they use NordPass Business. The examination is a result of our commitment to securing our customers’ data.
The SOC 2 auditing process follows the framework known as Trust Service Criteria, which includes 5 criteria:
Security. The auditors check whether the organization's data storage and computing systems are adequately protected against unauthorized access or possible damage to the systems that could compromise the processing integrity, availability, confidentiality, or privacy of data.
Availability. Ensuring that all data storage and computing systems are fully operational.
Processing Integrity. Auditors examine whether the system processing is accurate, valid, timely, and complete.
Confidentiality. Ensuring that data marked as confidential is properly protected.
Privacy. The auditors check and make sure that all personal data is collected, used, stored, and processed in accordance with the highest security standards.
So what does all of that mean for NordPass Business and its users? Well, simply put, the SOC 2 Type 1 audit further assures you that the security of your data is our number one priority. After all, we’re in the security business, and we want to be transparent about our practices. And we’re already in the process of our SOC 2 Type 2 audit. So stay tuned.