Risk or Reward? The importance of SOC 2
As legal technology and advancements within areas such as cloud technology and software-as-a-service, clients are facing increased pressure to make sure their data is safe. Many companies resort to third party vendors to outsource services such as preserving and collecting ESI.
Unfortunately, recently third party vendors have been the source of some ugly data breach scenarios which can cause detrimental damage to both the client and the vendor. Not only will your reputation take a toll but you make encounter lawsuits and other large fines.
Service Organization Control “SOC” Reports
To best understand the implications of SOC Reports its best to understand the different types of SOC reports:
Type 1: focuses on a description of a service organization’s system and on the suitability of the design of its controls
Type 2: contains the same opinions as a type 1 report with the addition of an opinion on the operating effectiveness of the controls
Focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.
Type 1: focuses on suitability of the design of a service provider’s controls over data
Type 2: centers on operating effectiveness of these controls.
Summary of a SOC 2 audit normally used for marketing purposes. There are less details in this report.
Why do you need a SOC 2 verified vendor?
The SOC 2 audit provides additional assurance regarding vendor controls that relate to operations and compliance relevant to one or more of the following five principles: security, availability, processing integrity, confidentiality and privacy. Not only will you be able to assure your clients of the safe guarding of their data, you will be able to comply with all of the data privacy and security laws.
TERIS | SOC 2 compliant with the highest level of security
Every employee HIPPA certified
Fingerprint reader for building entry
24/7 security surveillance cameras
Data stored in server room with a bank vault