Element Four is now SOC 2 Type I compliant. SOC 2 compliance means that third party auditors have verified that Element Four follows best practices with respect to security in terms of both infrastructure and process.
What is SOC 2?
SOC stands for service organization control. The program was created by the American Institute of Certified Public Accountants (AICPA) as a means of improving the reporting of service organizations. There are three variants of SOC compliance–SOC 2 is designed for cloud and SaaS companies. SOC 2 emphasizes security and operational metrics. At the core of SOC 2 are five Trust Services Principles (TSPs).
The 5 TSPs
The five TSPs are security, availability, processing integrity, confidentiality and privacy. Essentially, SOC 2 is an audit of the company’s technical capabilities, and its ability to ensure that data is secure, available and held in confidence. The procedures for ensuring these outcomes must be documented and to receive certification the company needs to be able to demonstrate that it has effective procedures in place to meet audit standards.
What this Means
First, it means that your data is safe when stored at Element Four, and this has been verified by a third party. Being able to pass the SOC 2 audit provides our clients with the highest level of trust with respect to the infrastructure and processes followed by Element Four.
Second, working with a SOC 2 certified MSP such as Element Four may help you achieve compliance. In some industries, this certification is required. Health care companies in the US, for example, have specific privacy requirements under HIPAA, and the SOC 2 certification goes a long way to meeting those requirements. SOC 2 is also valuable to government business, or any client that deals with highly sensitive data.