IWCO Direct takes its data security practices seriously across the board. From strict access restrictions to practical precautions, there’s no detail too small to focus on when it comes to keeping our data (and that of our clients) safe, secure, and available to only those who need it.
Part of our ongoing commitment to data security is maintaining compliance with relevant standards for data protection. We recently received an independently assessed SOC 2 report on our security compliance, giving us and our clients greater assurance and visibility into our security processes.
What a SOC 2 Report Looks For
According to the American Institute of CPAs (AICPA), SOC 2 reports provide to our clients “detailed information and assurance about the controls at a service organization [IWCO Direct] relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data” as well as insights about “the confidentiality and privacy of the information processed by these systems.” SOC 2 reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Why We Chose SOC 2 and How It Was Assessed
IWCO Direct’s security practices are based on the ISO 27001 framework, with incorporation of PCI DSS and HITRUST controls. These standards provide the basis for our security program and the SOC 2 report provides our clients with an overview of how we have implemented our controls. To complete this process, a qualified third-party assessor assembled a SOC 2 report by thoroughly reviewing IWCO Direct’s processes related to security, availability, processing integrity, confidentiality, and privacy.
Many of our clients have expressed interest in SOC 2 compliance, so this year we decided to enhance our existing certifications with the additional assurance this report gives our clients.
How SOC 2 Complements Our Security Compliance
Our standards (including ISO 27001, PCI DSS, and HITRUST) provide guidance on what must be in place to achieve compliance. SOC 2 has similar elements, but also provides an assessor’s judgment of the suitability of the design and operating effectiveness of controls, including details of the processing and controls, the tests performed by the service auditor, and results of those tests.
Obtaining SOC 2 compliance demonstrates that a company has proactively implemented appropriate operational controls to satisfy its security requirements. With a SOC 2 report from IWCO Direct, clients gain additional assurances that appropriate controls are in place, the controls have been evaluated by a third party, and clients can see for themselves the approach the provider has taken. Ultimately, a SOC 2 report allows customers and stakeholders to gain confidence in our security practices and place trust in our systems.
SOC 2 is the latest way we demonstrate our continued commitment to the security of our clients’ data, but it won’t be the last. If you have any questions about how IWCO Direct handles or protects data, or how we maintain compliance, get in touch with us today.