IT Glue Announces SOC 2 Compliance
BY IT GLUE | March 17, 2017
Big news today: IT Glue is now SOC 2 compliant. SOC 2 compliance means that third party auditors have verified that IT Glue follows best practices with respect to security in terms of both infrastructure and process. Not only is this extra security for MSPs and their clients, but it might help open up new markets for a lot of MSPs as well.
What is SOC 2?
For those unfamiliar, SOC stands for service organization control. There are three variants of SOC compliance, and SOC 2 is designed for cloud and SaaS companies. The program was created by the American Institute of Certified Public Accountants (AICPA) as a means of improving the reporting of service organizations. Where SOC1 is focused mainly on financial reporting, SOC 2 emphasizes security and operational metrics. At the core of SOC 2 are five Trust Services Principles (TSPs).
The 5 TSPs
The five TSPs are security, availability, processing integrity, confidentiality and privacy. Essentially, SOC 2 is an audit of the company’s technical capabilities, and its ability to ensure that data is secure, available and held in confidence. The procedures for ensuring these outcomes must be documented and to receive certification the company needs to be able to demonstrate that it has effective procedures in place to meet audit standards.
To pass the audit for SOC 2 compliance, IT Glue had to demonstrate best security practices in terms of its physical infrastructure, the software that it uses, the personnel involved in governance, both automated and manual processes used, and data. The audit can only be passed when each of these areas of IT Glue’s system are compliant with SOC 2 standards.
What this Means
IT Glue achieving SOC 2 compliance means a couple of things. First, it means that your data is safe when stored in IT Glue, and this has been verified by a third party. Being able to pass the SOC 2 audit provides our partners with the highest level of trust with respect to the infrastructure and processes followed by IT Glue.
Second, for MSPs, working with a SOC 2 certified partner in IT Glue may open up some opportunities. In some industries, this certification is required. MSPs wishing to service customers needing reliable security know that they can use IT Glue to help meet the needs of those customers. Health care companies in the US, for example, have specific privacy requirements under HIPAA, and the SOC 2 certification goes a long way to meeting those requirements. SOC 2 is also valuable for courting government business, or any client that deals with highly sensitive data. Other MSPs who might not have been able to work with IT Glue previously because of the nature of their client bases, now can.
Importance of Documentation
SOC 2 certification highlights the importance of documentation. Passing audits means not just having great practices, but being able to demonstrate those practices to auditors. IT Glue was able to do this because all the critical SOPs and passwords were in IT Glue. If we can use IT Glue to help make the audit process easier, the same holds for any company – if you face regular audits then you’ll know the value of having a robust, organized documentation system in making the audit process that much smoother. If you’re looking to meet HIPAA guidelines in particular, you’ll need a robust, secure documentation platform to house and safeguard your critical business information.
IT Glue is the leading documentation platform for MSPs, designed to eliminate waste, improve productivity and hit your SLAs better. We are SOC 2 compliant, meaning that you can count on the security of your information in IT Glue.