Data is one of the most important assets to modern organizations. Organizations digitally transform to harness the power of their unique data sets on products, customers, patients, users, processes, etc. Understanding your organization and the market you serve makes you more competitive, saves costs, and delivers focus.
Important assets must be kept secure.
Business data is stored everywhere. It’s in company databases, on local or shared file systems, in cloud applications, emails, and probably in your pocket if you keep your phone there.
Sadly, most of us are no longer surprised when learning about a data breach. The “everything connected” world has given criminals many ways to break into systems and get data. Not all data is equally sensitive. Personally Identifiable Information (PII), e.g., name, social security number, and date of birth, is among the most sensitive data sets.
How can you feel comfortable that your data is well-guarded? This is the domain of industry standards and certifications such as SOC, ISO, HIPAA, and PII.
SOC stands for Systems and Organization Controls. It is a reporting and auditing framework that covers many of the processes by which companies organize themselves. SOC 2 is specific to technology and Software as a Service vendors. The first two SOC 2 certifications are the most common:
– SOC 2 Type 1 is a point-in-time audit by an independent auditor, validating that an organization’s required controls are in place.
– SOC 2 Type 2 is an independent audit over a period of time, validating that you use your controls effectively.
SOC 2 Type 1 is a prerequisite to SOC 2 Type 2. A Type 2 certification can be completed as early as three months following a Type 1 certification. However, most companies aim for Type 2 certification about a year from the Type 1 certification and recertify annually from then forward.
SOC 2 consists of 5 trust service principles:
1. Security (mandatory and by far the biggest)
4. Processing integrity
Most SaaS providers certify 1, 2, and 3.
HVR SOC 2 Type 1 Certification
To date, HVR has been available as a software download. Our customers install and run the software in their own environments, behind corporate firewalls and in virtual private clouds (VPCs). Inherently, such a deployment model is relatively secure thanks to running behind corporate firewalls. The HVR software processes your data, but as a software provider, we are not your data processor.
For the HVR software download, we have certified SOC 2 Type 1 for Trust Services Criteria: Security, Confidentiality, and Availability. As we follow our established processes, we aim to earn SOC 2 Type 2 certification by the middle of 2022.
With our SOC 2 efforts, we want to show you our commitment to keeping your data as secure as possible.
If you have any questions about HVR’s SOC 2 Type 1 certification, don’t hesitate to get in touch with us.