SOC (Service Organization Control) 2
The SOC 2 audit is a compliance standard that evaluates policies and processes in place to protect a client’s data when it’s transmitted, stored, and managed in the cloud. HIA is in the process of undergoing a SOC 2 audit in order to earn compliance.
Why SOC 2 compliance?
The most obvious answer is that SOC 2 compliance demonstrates HIA maintains a high level of information security to protect the interests and privacy of their clients. SOC 2 compliance helps establish client trust and confidence in HIA’s service delivery processes and controls. The reports are administered by an independent third party that must be a certified public accountant (CPA).
Additional SOC 2 Compliance Benefits:
- Satisfies a client’s requirement that an audit of internal controls be in place at HIA, their service provider.
- Indicates to clients HIA’s commitment to internal controls and transaction processing integrity.
- Ensures HIA clients that information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the following:
- Availability - The system must be available for operation and must be used as agreed.
- Integrity - The system processing must be complete, accurate, well-timed, and authorized.
- Confidentiality - The information held by the organization that is classified as “confidential” by a user must be protected.
- Privacy - All personal information that the organization collects, uses, retains, and discloses must be in accordance with their privacy notice and principles. These are specified by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).