STORY HIGHLIGHTS
- Proceedix is proud to announce it obtained a SOC 2 certification
- Security and availability of data are key components
- SOC 2 has many benefits for our clients (data security, easier setup pilots, supports growth)
A SOC 2 (Service Organisation Control) certificate is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. This certificate is issued by independent third party auditors (2-Control in our case) covering the principles of Security and Availability.
Many of the security aspects SOC 2 addresses involve external interactions that could affect internal or customer data security. The AICPA developed SOC 2 to encourage the implementation and oversight of proper security procedures.
A SOC 2 report focuses on the Security and Availability Trust Service Criteria (TSC) principles. As noted above, companies use these principles to assure their business partners and service organizations that proper security procedures are in place. A type II report details how those controls are structured and implemented over time.
Security and availability of data as key components
To obtain the SOC 2 certificate, our developers team had to detail how they handle and organize the Proceedix solution in terms of data security and availablity
Security: The security section of a SOC 2 audit examines both the physical and electronic forms of security in use. Are systems protected from unauthorized access, and are there controls in place to alert enterprises of any suspicious activity?
Availability: Are clients able to access the system as per contractual specifications?
Difference between SOC 2 and ISO 27001?
SOC 2 and ISO 27001 are quite similar as both are designed to instill trust with clients that their data are being protected. Both certifications cover important dimensions of securing information, such as confidentiality, integrity and availability.
The main difference between SOC 2 and ISO27001 is that SOC 2 is focused mostly on proving the security controls that protect customer data have been implemented.
What are the benefits of SOC 2 for our clients?
Protect our company (and your data) from security threats
A SOC 2 certification helps us avoid security threats, such as cyber criminals breaking into our IT infrastructure or data breaches caused by employees making mistakes.
As digital work instructions or digital inspections most often contain critical information on a company’s production processes, procedures and assets, it is of vital importance that our clients can rely on a secure platform.
Easier and faster setup of pilots and client relations
Most large companies require strict measures to comply to their security standards (both IT and OT). With a SOC 2 type II certification, we address most (if not all) security concerns and can immediately focus on the job at hand.
Supports our growth
Achieving SOC 2 compliance will help us win new business and enhance our reputation with existing customers and suppliers. As Proceedix adapts and grows, it means new hires on board and new code development. With SOC 2, we created a system that has enough flexibility to ensure that everyone maintains their focus on information security tasks. Similarly, periodic risk assessments ensure that we reassess as needed.