WHAT IS SOC 2 CERTIFICATION?
SOC (System and Organization Controls) 2 is a certification that testifies that a service provider is following verified data management standards.
SOC 2 certification means our organization’s processes have been audited by a third-party assessor and certified as following data security best practices.
WHY DID INNOVATIVE NETWORK SOLUTIONS DECIDE TO BECOME SOC 2-CERTIFIED?
INSC voluntarily completed the SOC 2 Type 1 certification to prove our dedication to our clients’ security and ensure that we are taking the necessary precautions to fully protect you.
Though not required by law, this certification does help provide users with peace of mind that their data is being handled safely and according to the latest security measures, especially for organizations operating in industries with strict compliance standards.
WHAT DOES THE CERTIFICATION PROCESS ENTAIL?
SOC 2 certification is provided through a thorough third-party assessment governed by the AICPA that evaluates IT processes, especially security. INSC participated in all three stages:
- Readiness Assessment: INSC provided detailed information and documentation for all our systems and procedures. We met objectives including but not limited to governance, information security, physical security, confidentiality, and privacy.
- Audit: A third-party assessor reviewed systems and security practices, verifying that INSC met the standards for best practices.
- Official Report: INSC received a detailed report issued by a CPA firm outlining our SOC 2 compliance. We wanted a comprehensive report that we could openly share with our current and prospective clients, helping them feel confident in our credibility.
Areas tested in SOC 2 certification include these five trust services categories:
Both physical and electronic data is securely stored and protected from unauthorized users. Monitoring for suspicious activity and an action plan for the event of a data breach are in place.
Information designated as confidential, such as Private Health Information (PHI) or Personally Identifiable Information (PII), is fully protected from unauthorized users both within and outside the service organization.
Transactions are securely completed and recorded. Financial transactions are encrypted, and platform access or transaction history is granted to authorized users as marketed.
Specific systems and accesses are available to customers and clients as contractually required.