When our Director of Operations announced that we would pursue this compliance, many of us wondered what you may be wondering right now: “What is that?” or “Why does it matter?”
As we begin this journey, we thought it would be a great time to share with you – our customers and potential customers – the answers to these questions, along with why we are so excited about it as a team.
What is SOC 2 Compliance?
SOC 2 Compliance consists of two certifications, SOC 2 Type 1 and SOC 2 Type 2. While the first is designed to ensure specific controls are in place to protect security and compliance, the second puts those published controls to the test. The audit that this “proof” requires can take several months to a year to complete.
The Trust Services Criteria required to achieve certification are defined by the American Institute of Public Accountants.
These Criteria include:
- Availability: This verifies that all information (data) and information systems that are advertised are available and functional.
- Security: This verifies all information (data) and information systems are protected to the highest possible level against unauthorized access or breaches.
- Confidentiality: This verifies that any information deemed sensitive or confidential is protected by the right controls and processes.
Once the audit is complete, an auditor’s report provides visibility into the company in question relating to technical capabilities and customer data compliance commitments.
All processes within the company are evaluated against the criteria outlined in the document linked above for availability, security, and confidentiality while providing details on the measures in place to protect against breaches.
When complete, the full report will be available upon customer request.
Why Share Now?
Because of the time required to achieve certification, we didn’t want to wait to share the news. We thought that announcing the start of this journey, and sharing updates along the way where possible, might be of interest.
Zerion Software is committed to data security, as demonstrated by our industry-leading Trust No One security, outlined in our Security Center, along with taking early steps to comply with international standards like GDPR.
We’re also committed to transparency; sharing our embarkation on SOC 2 Type 2 Compliance is one way to demonstrate this.
Moving forward, our team will be putting our controls in place, outlining new security measures and working together to continue to provide the level of protection our customers have come to expect. We’re excited to share more as the process progresses.
Here’s to a better way!