Thoughts from Coretelligent’s Chief Technology Officer, Chris Messer
The recent changes to the workforce and increase in cyberattacks have many organizations wondering if their IT partners are managing their data securely. Reevaluating a current vendor or shopping for a new one can be a daunting task for decision-makers. How can you trust that your vendor’s practices are aligned with regulatory and industry standards that affect your business? With an evolving threat landscape and increasingly rigid regulations, this question has never been more critical.
Whether your vendor provides cloud hosting, software as a service (SaaS), platforms, or facilities, they should hold, at a minimum, a SOC2® certification. This is a must for any partner that interacts with your data.
What is SOC2?
Service Organization Control 2, or as it’s commonly known, SOC2®, is the industry standard for validating that a service organization can secure data while at rest and in transit. This certification is regulated by the American Institute of Certified Public Accountants (AICPA). It helps attest that a vendor is a stable and mature organization implementing the right security controls and that these controls are operationally effective to minimize the potential of a data breach or outage.
There are two types of SOC2® reports. The Type 1 report is a snapshot of a service organization’s controls as of a specific date. The Type 2 report, which is more robust, evaluates how a service organization’s controls operate over a period of several months, typically 12.
From a compliance standpoint, anywhere your data is transmitted or stored should be SOC2® certified. For more information on how service providers are measured, check out our SOC2® Guide.
Data Loss, Leaks, and Breaches, Oh My!
Organizations may make the mistake of assuming that all vendors are held to the same regulatory standards as their business. Unfortunately, this is not the case. Service providers that don’t implement cybersecurity best practices become an insider threat to your data.
Without the proper controls, your business faces an increased risk of a data breach, unauthorized access to data, or data loss. This past February, General Electric experienced a data breach through a third-party vendor. The vendor allowed an unauthorized user to gain access to the personally identifiable information (PII) of current and former GE employees.
SOC2® certified vendors give your business reasonable assurance that the proper systems and procedures are in place to maintain data security and privacy.
The Benefits of a SOC2® Service Provider
SOC2® certification is crucial whether you are entering a new relationship with a service organization or just need to validate that an existing one is implementing the proper security controls. As part of your vendor risk assessment, ask service providers if they are SOC2® certified.
Security is the foundation of everything we do at Coretelligent. We want our clients to feel confident that their data is safe, and our security practices are aligned with industry and regulatory standards. Our SOC2® certification represents our commitment to security, our clients, and overall IT best practices.