The term "SOC 2 Type 2" may sound like industry jargon to some. But there's nothing unclear about the benefits this type of compliance certification provides to companies who achieve it - and what it can also do for your business.
Indeed, ProntoForms understands that even the most powerful and intuitive mobile forms platform eventually becomes a liability if not compliant around the clock. But protecting customer data while ensuring availability and confidentiality in the cloud is a complex and evolving challenge. It's also a difficult task for customers, who typically don't have very good visibility into a vendor's day-to-day operations.
SOC 2 Type 2 certification explained
ProntoForms recently successfully achieved Service Organization Control (SOC) 2 Type 2 certification after undergoing a lengthy and sustained audit by a trusted, third-party auditing firm.
SOC 2 Type 2 ensures that certificants don't just have controls in place (that's covered by SOC 2 Type 1). Rather, it certifies that those controls have been successfully tested over a period of time. So instead of being evaluated on a simple snapshot of an organization's internal controls, SOC 2 Type 2 certification requires companies to undergo an audit lasting anywhere from several months to a year to make sure these controls are deployed properly and effectively.
The certification revolves around a set of specific Trust Services Criteria, as highlighted below:
- Security: That information and systems are protected against unauthorized access, with security referring to both information and information systems
- Availability: That information and systems are available for operation and use
- Confidentiality: That various types of sensitive information deemed confidential is protected
For a closer look at SOC 2 Type 2 Trust Services Criteria as defined by the American Institute of Certified Public Accountants (AICPA), check out this document.
Each SOC 2 Type 2 certification comes with a written auditor's report providing in-depth visibility into technical capabilities, along with how these capabilities are used to meet customer data compliance commitments. The audit evaluates processes against stringent criteria for data security, availability, and confidentiality. It also details the physical and technical measures used to protect systems against unauthorized access.
ProntoForms' SOC audit report is available upon request here, and proves we're consistently delivering on our promise to design security, availability and data confidentiality into everything we do.