CloudHealth Technologies has announced it has completed its Service Organization Controls 2 (SOC 2) examination – A formal evaluation of processes, procedures, and controls related to the Trust Services Principles and Criteria of Security and Availability.
SOC 2 was developed by the American Institute of CPAs to ensure companies are managing customer data and can protect the privacy of their clients. SOC 2 defines the criteria for managing customer data across five trust service principles – security, availability, processing integrity, confidentiality, and privacy.
SOC 1 is concerned with the vendor’s systems and whether their design meets the relevant trust principles, while SOC 2 is concerned with the operational effectiveness of those systems.
To receive SOC 2 certification, a company must demonstrate it has achieved minimum standards in all of the Trust Service Principles. The examination involves a technical audit, but it is not just a case of ticking the right boxes to pass the examination. Companies must also develop policies and procedures to ensure the security of customer data in the long term.
Software-as-a-Service (SaaS) companies, cloud vendors and any other company that stores customer data in the cloud need to meet SOC 2 requirements to minimize the risk of customer data being exposed. SOC 2 compliance means a company has the necessary controls in place to ensure customers data are secured and well protected. SOC 2 compliance means companies considering using a SaaS company are assured of the quality and effectiveness of internal controls without having to perform additional assessments. It serves as confirmation that a company can be trusted with your data.
“With this new certification, CloudHealth Technologies is building even more trust and confidence in our service delivery and controls over information and data,” said Joe Kinsella, CTO and Founder of CloudHealth Technologies. “CloudHealth provides IT leaders with peace of mind and assurance that we have the proper internal controls in our systems and organization to keep customer information secure and highly available.”
