Many are confused about the difference between SOC 1 and SOC 2 compliance. SOC 1 focuses on the security of financials, allowing a vendor to create a set of criteria regarding compliance and then passing an audit that shows that they met the criteria. SOC 2 is a newer audit and is far more comprehensive requiring an audit that is conducted by an independent third-party and that information security controls are in place to protect data.
Why is SOC 2 Compliance Important to Security?
SOC 2 exists to address general IT controls so that clients have an expectation that their data is maintained responsibly in terms of initiation, processing and the reporting of transactions in a secure manner. Without some type of framework, and because SOC 1 compliance permitted self-policing by providers, there was previously no method of control to ensure that data was secure.
TERIS continues to achieve SOC 2 certification as part of its on-going commitment to help mitigate risks and ensure that client data is highly secure. TERIS policies, procedures and infrastructure for data protection, security and confidentiality met or exceeded SOC 2’s criteria.
If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!