System and Organization Controls (SOC) is a compliance standard developed by the AICPA. The SOC 2 designation is specific to organizations that store data in the cloud, and ensures that systems and processes meet a gold standard. SOC 2 mandates that companies establish and follow a rigorous standard of policies and procedures that meet the five information technology Trust Services Principles (TSPs) relevant to client data. The five TSPs are security, availability, processing integrity, privacy, and confidentiality.

What’s the Difference Between SOC 2 (Type 1) and SOC 2 (Type 2)

You may be wondering what the difference between SOC 2 (Type 1) and SOC 2 (Type 2) is. A company that has SOC 2 (Type 1) is a company that was verified to have acceptable security processes at a specific point in time. The further you are from that specific point in time, the less likely that company is to have those security processes still in place. SOC 2 (Type 2), is granted to organizations that have implemented SOC 2 controls effectively over a period of six months.

It’s the difference between cramming for a test and forgetting everything the next day, versus actually taking the time to master the material – you always want to go with SOC 2 (Type 2) when given the choice.

The Highest Standard

Passing the SOC 2 compliance required IT Glue to demonstrate the highest standard of security practice. Criteria pertains to physical infrastructure, software, personnel responsible for governance, automated and manual processes, and data. In short, it means that your data is safe when stored in IT Glue, and this claim is verified by a third party.

MSPs servicing customers in specific verticals, such as healthcare, require this certification to help them meet regulatory burdens such as HIPAA compliance. For those MSPs, you can be sure that using IT Glue supports you in meeting those standards.

This may or may not be a surprise to you but the GlueCrew also use the IT Glue platform for managing and organizing all of our information. As expected, having this as the backbone of our documentation eased a good portion of the burden that goes into successfully gaining the SOC 2 certification. Passing audits means not just having great practices, but being able to demonstrate those practices to auditors. IT Glue was able to do this because all critical SOPs, passwords, and other key information were safely stored in IT Glue.

Want to work with a documentation system you can trust? One that prioritizes speed, efficiency and security, without sacrifice? Give IT Glue a test drive – sign up now.

Yes, sign me up for a demo!

The post What in the World is SOC 2? appeared first on IT Glue.

What is SOC 2?

For those unfamiliar, SOC stands for service organization control. There are three variants of SOC compliance, and SOC 2 is designed for cloud and SaaS companies. The program was created by the American Institute of Certified Public Accountants (AICPA) as a means of improving the reporting of service organizations. Where SOC1 is focused mainly on financial reporting, SOC 2 emphasizes security and operational metrics. At the core of SOC 2 are five Trust Services Principles (TSPs).

The 5 TSPs

The five TSPs are security, availability, processing integrity, confidentiality and privacy. Essentially, SOC 2 is an audit of the company’s technical capabilities, and its ability to ensure that data is secure, available and held in confidence. The procedures for ensuring these outcomes must be documented and to receive certification the company needs to be able to demonstrate that it has effective procedures in place to meet audit standards.

To pass the audit for SOC 2 compliance, IT Glue had to demonstrate best security practices in terms of its physical infrastructure, the software that it uses, the personnel involved in governance, both automated and manual processes used, and data. The audit can only be passed when each of these areas of IT Glue’s system are compliant with SOC 2 standards.

What this Means

IT Glue achieving SOC 2 compliance means a couple of things. First, it means that your data is safe when stored in IT Glue, and this has been verified by a third party. Being able to pass the SOC 2 audit provides our partners with the highest level of trust with respect to the infrastructure and processes followed by IT Glue.

Second, for MSPs, working with a SOC 2 certified partner in IT Glue may open up some opportunities. In some industries, this certification is required. MSPs wishing to service customers needing reliable security know that they can use IT Glue to help meet the needs of those customers. Health care companies in the US, for example, have specific privacy requirements under HIPAA, and the SOC 2 certification goes a long way to meeting those requirements. SOC 2 is also valuable for courting government business, or any client that deals with highly sensitive data. Other MSPs who might not have been able to work with IT Glue previously because of the nature of their client bases, now can.

Importance of Documentation

SOC 2 certification highlights the importance of documentation. Passing audits means not just having great practices, but being able to demonstrate those practices to auditors. IT Glue was able to do this because all the critical SOPs and passwords were in IT Glue. If we can use IT Glue to help make the audit process easier, the same holds for any company – if you face regular audits then you’ll know the value of having a robust, organized documentation system in making the audit process that much smoother. If you’re looking to meet HIPAA guidelines in particular, you’ll need a robust, secure documentation platform to house and safeguard your critical business information.

IT Glue is the leading documentation platform for MSPs, designed to eliminate waste, improve productivity and hit your SLAs better. We are SOC 2 compliant, meaning that you can count on the security of your information in IT Glue.

The post IT Glue Announces SOC 2 Compliance appeared first on IT Glue.