Do you trust your software provider? What criteria does your organization use to regulate access to and handling of sensitive data such as vendor data, client details, employee information, PII (personally identifiable information), PHI (protected health information), and vital contract information? With the level of concern over security and data breaches today, you should ensure that your confidential information is stored in a trusted environment. In recent years, leading organizations have demonstrated data security compliance with a SOC 2 report, intended to assure clients that security controls and monitoring are in place. Data security is crucial when it comes to handling client data and accountability, and any company handling client data should consider SOC 2 compliance a requirement.
SOC 2 is an auditing procedure defined by the American Institute of CPAs (AICPA), certifying that a service provider is securely managing data and protecting the interests of your organization and its clients. Software providers must follow strict information security policies and procedures to abide by SOC 2 compliance. The AICPA publishes a set of criteria, and the company requesting a report must respond with how each of these criteria is addressed.
According to the AICPA, SOC 2 reports can play an important role in:
Software providers who are not SOC 2 compliant could potentially be a risk to your organization. A nonexistent security audit often means either that the company feels a SOC 2 report won't differentiate them to their clients or that no client has requested a report at this point in time. Whatever the stated reason, lacking the security controls necessary to achieve SOC 2 compliance is another possible reason for a company not to have a SOC 2 report. Requesting a report before giving a company access to your data is the best way to ensure your private information will be safe.
Technology has created endless opportunities that companies continuously work to turn into new development, but it's imperative that while expanding on these opportunities they remain in their clients' best interests. Controlled oversight of the organization, and the ability to detect when a risk or threat occurs, is a big part of remaining SOC 2 compliant.
Not only do many organizations use third-party vendors to host business solution products in the cloud as a Software as a Service (SaaS) solution, but their software providers do as well. Whether you're considering a SaaS or a deployed software solution, you should ensure the software provider is SOC 2 compliant. SOC 2 ensures procedures are in place not just for a vendor's data center, but for the software vendor as a whole. Proper policies and procedures must be active, with monitoring covering everything from device activity to third-party tools and programs.
As a SaaS and deployed software provider, CobbleStone has achieved SOC 2 Type 1 Attestation. Client data should remain secure, and CobbleStone understands the importance of having detailed procedures and policies in place to protect this information.
CobbleStone's mission states:
Although this statement refers to more than just compliance, it speaks strongly to our working as a team to provide the best possible service to our clients, meaning secure technology and upstanding confidentiality for critical data. With CobbleStone, clients have a contract management solution, and a provider, that they can trust.