Security should not be taken lightly in any business, and especially not in one that handles confidential, medical or financial information. When you think about the amount of sensitive information that can be stored on various company systems (desk phones and softphones, voicemail, call recordings, chat and collaboration tools), enlisting a responsible communications provider that has the proper security controls in place is more important than ever.
One of the key security audits quickly becoming the industry standard for communication providers is the SOC 2 Type 2 Report, which validates the security of a provider’s infrastructure and services.
What is SOC 2 Type 2 and Why is it Important?
Service providers today need to demonstrate that they have adequate controls over data protection technologies and processes. The Service Organization Control (SOC 2) Type 2 Report is an independent third-party report performed in accordance with AT Section 101 of the American Institute of Certified Public Accountants (AICPA) professional standards and is based upon the Trust Services Principles. The SOC 2 Report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
The Trust Services Principles that SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles has defined control criteria that must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during the audit). The SOC 2 Type 2 Report audits the implementation of these controls over a set period of time, and puts strict audit requirements in place to address the demands in the marketplace for assurance over non-financial controls. The trust principles predefine the criteria businesses must meet, making it easier for business owners to know what is required for compliance and for users of the report to read and assess the adequacy.