Webscale has earned SOC 2 Type 2 compliance certification. That’s actually a big deal. In simple terms it means a rigorous and respected third-party audit has made sure we’re doing the right things to protect our customers and their data.
Let’s explain how this works and how it benefits you, whether you’re a direct customer of Webscale or the customer or partner of a business that is.
What is SOC 2?
SOC stands for Service Organization Control and it’s a set of measurements to ensure you are adhering to best practices. SOC 1 is an audit of internal financial controls and relates to your financial reporting or the financial reporting of your customers.
SOC 2, however, looks at how you’re handling other types of sensitive information, particularly private and personally identifying information. It focuses on 5 elements of the Trust Services Criteria (TSC) set out by the Association of International Certified Public Accountants (AICPA).
If you want to read in-depth about it, they have a 2017 report that goes into 62 pages of detail. For those who don’t, here’s a summary of the principles in alphabetical order:
- Availability: Ensures that we and our customers can reach critical systems consistently.
- Confidentiality: We are controlling access to information deemed confidential so only authorized parties can access it.
- Privacy: We are maintaining best practices in collecting, storing, disclosing, and disposing of personally identifying information.
- Processing integrity: Our systems meet the needs of our (and your) business objectives in a complete, valid, accurate, timely, and authorized manner.
- Security: Both the systems and the information they contain are protected against unauthorized access, unauthorized disclosure, and damage that could compromise availability, data integrity, privacy, and/or confidentiality.
What does Type 2 add to it?
SOC 2 Type 1 measures how well a company implements the TSC based on a snapshot of their systems and services at a specific time. Type 2 is more rigorous.
Type 2 audits measure how well a company meets the TSC over a significantly longer period of time, usually 6 months or more, to ensure consistency. SOC 2 Type 2 means the company can’t simply pass the audit on a specific day. They have to be able to pass it regularly for months and months.
According to Jay Smith, our Founder and CTO, “SOC 2 Type 2 makes sure you’re doing the right things to protect the security and integrity of your customers’ data, make it available to the right people in the right ways at the right times, and that you’re doing it over the long haul. It gives customers confidence that they can put their confidence in you.”
Why should that matter to you?
SOC 2 Type 2 is a known, trusted, and respected certification. Webscale being SOC 2 Type 2 certified not only reassures our customers they’re protected, but helps our customers protect their partners and customers as well.
If you’d like more information on SOC 2 compliance, our successful SOC 2 Type 2 audit, or how Webscale protects your private information, reach out to firstname.lastname@example.org or your Webscale account manager.