Understanding security compliance can be especially important for legal firms that represent banks, defense contractors and other financial institutions that are regulated by the PCI Security Standards Council and the Sarbanes-Oxley Act. Data security will continue to remain a major focus for corporate IT risk management.
What is SOC 2 Compliance?
SOC 2 compliance refers to Service Organization Control (SOC) framework, which is issued by the American Institute of Certified Public Accountants. SOC works to reshape reporting requirements for service organizations, including cloud computing. SOC 1 reports are used as part of the SSAE 16 standard for reporting on controls, while SOC 2 and SOC 3 reports focus more on technology and cloud computing using Trust Services Principles.
What Does SOC 2 Certify?
SOC 2 Certifies Security, Access Reliability, Confidentiality, Process Integrity and Privacy of Information.
TERIS continues to achieve SOC 2 certification as part of its on-going commitment to help mitigate risks and ensure that client data is highly secure. TERIS policies, procedures and infrastructure for data protection, security and confidentiality met or exceeded SOC 2’s criteria.
Look for additional information in What Legal Professionals Need to Know About the Importance of SOC 2 Compliance – Part 2. If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!