Here at Alert Enterprise, we’re in the business of helping organizations merge their physical access management systems and practices with IT and OT systems. As a result, physical security teams gain digital visibility, auditing and automation capabilities to streamline and expand access controls.
And while convergence enables higher levels of efficiency, risk mitigation and compliance – it also involves its fair share of enterprise data.
It’s critical for our partnerships and solutions to deliver the absolute highest standards of security and protection when it comes to our customer’s information. Since achieving SOC 2 Type 1 certification last year, we have now officially extended our SOC 2 journey to include successful Type 2 Audit Certification.
The security standard of choice
As a cloud-based SaaS provider, we’re constantly evaluating our processes, tools and technologies to make sure we’re setting the standard in information security. SOC 2 plays an important benchmarking role in assessing that progress. Unlike other compliance standards (such as HIPAA or PCI-DSS), SOC 2 is entirely voluntary but has become a highly regarded component of the vetting process for cloud, IT and/or SaaS partners.
In other words, it’s a security standard our customers should look for in any technology partner.
Breaking down SOC 2
SOC, which stands for “Service Organization Control,” provides a set of standards to evaluate how well service organizations manage a customer’s information. When companies are seeking a technology partner, SOC certification helps them to vet their options and gain peace of mind when it comes to a potential vendor’s security practices.
SOC 2 refers to the process by which auditors evaluate how a SaaS provider manages customer data according to five “trust service principles”: security, availability, processing integrity, confidentiality and privacy. Who sets these standards? The American Institute of CPAs (AICPA) – a global network of Certified Public Accountants.
Within SOC 2, there are two types or levels of certification. Type 1 assesses the design of security processes at a given moment, while Type 2 applies that same assessment over a period of six months. SOC 2 reports can inform a variety of business areas, including:
- Organizational oversight
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Explore the 5 core SOC 2 principles
Or, protecting a system’s resources from unauthorized access
How accessible are the products, services and system according to the service level agreement (SLA)?
Is data valid, accurate, complete and timely?
Has access been restricted to certain individuals or organizations? Are encryption protocols in place to protect data-in-transit?
Are controls in place to manage and protect Personal identifiable information (PII)?
A vote of confidence for new and existing customers
The certification audit report verified that Alert Enterprise meets the SOC2 Type 2 standards for Security and Availability Trust Services Principles with no exceptions. We achieved this result through a continued commitment to monitoring and measuring our security controls in a culture of continuous improvement.
Data is a critical component of any digital transformation strategy – but only if it’s in good hands. We’re proud to provide our new and existing customers with the peace of mind that comes with an experienced, independently audited SaaS partner.
Interested in learning more about our convergence solutions? Contact us today!