IT Infrastructure as a Service Providers like InfraDMS, demonstrate achievement of SOC 2 Type 2 standards annually to assure operating system controls are effective in the protection of information being stored or transferred across networks. A SOC 2 Type 2 report examines the design effectiveness of a service provider’s controls and determines whether or not controls have been placed in operation on a set date. Furthermore, the report evaluates the effectiveness of the controls over a period of anywhere from four to nine consecutive months.
The AICPA has created five Trust Service Principles (TSP) that outline the areas a SOC 2 Type 2 report will consider:
- Security: The system is protected against unauthorized access, use or modification
- Availability: The system is available for operation and use as committed or agreed
- Processing Integrity: System processing is complete, valid, accurate, timely and authorized
- Confidentiality: Information designated as confidential is protected as committed or agreed
- Privacy: The system’s collection, use, retention, disclosure and disposal of personal information are in conformity with the commitments in the service organization’s privacy notice
Companies utilizing or considering an IT Infrastructure as a Service provider, should ask about the providers performance relative to the SOC II standards on an annual basis to be certain that your provider has the controls that will serve as a foundation for your information security success.