Great news — Nord Security, the parent company of NordPass, has successfully undergone an independent SOC 2 Type 1 audit. The successful audit ensures that NordPass Business, along with other Nord Security business tools, provides proper security controls to manage customer data and protect their interests with regard to privacy. Let’s get into why it’s important and what it means for NordPass Business.
What is the SOC 2 report?
SOC 2 is a voluntary compliance standard for service organizations developed by the American Institute of Certified Public Accountants (AICPA). The standard sets out certain security requirements on how service organizations should manage customer data. The SOC report provides valuable information about the audited company’s security infrastructure, internal controls, and governance, which can be used to further mitigate risk, improve systems, and improve compliance readiness. There are two types of SOC 2 reports:
SOC 2 Type 1 certification describes the organization’s systems and whether the system design complies with the relevant trust principles.
SOC 2 Type 2 certification describes the operational efficiency of the systems.
Fancy lingo aside, the SOC 2 report provides organizations and their partners, suppliers, and customers with critical information about how the organization manages and secures data.
What does the SOC 2 Type 1 mean for NordPass Business?
In 2022, NordPass Business’ Information Security Management System received the ISO/IEC 27001:2017 certification. This certification ensures that we continuously improve, develop, and implement proper security measures and that these processes are efficient and effective.
The SOC 2 Type 1 audit was the logical next step in our effort to ensure that our customers’ data is secure while they use NordPass Business. The examination is a result of our commitment to securing our customers’ data.
The SOC 2 auditing process follows the framework known as Trust Service Criteria, which includes five criteria:
Security. The auditors check whether the organization's data storage and computing systems are adequately protected against unauthorized access or possible damage to the systems that could compromise the processing integrity, availability, confidentiality, or privacy of data.
Availability. Ensuring that all data storage and computing systems are fully operational.
Processing Integrity. Auditors examine whether the system processing is accurate, valid, timely, and complete.
Confidentiality. Ensuring that data marked as confidential is properly protected.
Privacy. The auditors check and make sure that all personal data is collected, used, stored, and processed in accordance with the highest security standards.
So what does all of that mean for NordPass Business and its users? Well, simply put, the SOC 2 Type 1 audit further confirms that the security of your data is our number one priority.
But we’re not stopping at the SOC 2 Type 1 audit. We’re already on the move for another one. The SOC 2 Type 2 audit assesses the operating effectiveness of our systems to ensure that you receive the best possible tool for password and passkey management. In the future, we seek to further audit NordPass so you can rest assured about our highest security standards.