Element Four is now SOC 2 Type II compliant. SOC 2 compliance means that third party auditors have verified that Element Four follows best practices with respect to security in terms of both infrastructure and process – an audit performed by KirkpatrickPrice. This is following the SOC 2 Type I compliance that was previously reached in 2020. It is the goal of Element Four to continually reach certification for SOC-II as a means to rigorously test processes while giving clients the utmost assurance of the integrity and security of IT services provided.
What is SOC 2?
SOC stands for service organization control. The program was created by the American Institute of Certified Public Accountants (AICPA) as a means of improving the reporting of service organizations. There are three variants of SOC compliance–SOC 2 is designed for cloud and SaaS companies. SOC 2 emphasizes security and operational metrics.
“Element Four is committed to the safety and security of our clients’ data and IT infrastructure,” said Chris Vinton, President of Element Four. “The SOC 2 audit is a rigorous process that provides our team valuable feedback which helps Element Four maintain the highest-level of integrity and security in the services we provide.”
“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Element Four delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Element Four’s controls.”
The 5 TSPs
The five TSPs are security, availability, processing integrity, confidentiality and privacy. Essentially, SOC 2 is an audit of the company’s technical capabilities, and its ability to ensure that data is secure, available and held in confidence. The procedures for ensuring these outcomes must be documented and to receive certification the company needs to be able to demonstrate that it has effective procedures in place to meet audit standards.
What this Means
First, it means that your data is safe when stored at Element Four, and this has been verified by a third party. Being able to pass the SOC 2 audit provides our clients with the highest level of trust with respect to the infrastructure and processes followed by Element Four.
Second, working with a SOC 2 certified MSP such as Element Four may help you achieve compliance. In some industries, this certification is required. Health care companies in the US, for example, have specific privacy requirements under HIPAA, and the SOC 2 certification goes a long way to meeting those requirements. SOC 2 is also valuable to government business, or any client that deals with highly sensitive data.
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.