Mission is pleased to announce that it has recently passed its Service Organization Controls (SOC) 2 Type 2 audit.
A SOC 2 Type 2 report is the most comprehensive certification within the SOC protocol. Companies that earn this certification have demonstrated that their system is operationally effective at keeping sensitive data secure. In this blog post, we will explain how auditors measure success in assessing a company for SOC 2 Type 2 certification, the process Mission went through to get certified, and how this benefits customers.
How Do Auditors Approach SOC 2 Type 2 Certification?
For the SOC 2 Type 2 certification, third-party auditors assess the extent to which a vendor complies with one or more of five trust services criteria based on the systems and processes in place. The five criteria are:
- Security: The protection of system resources against unauthorized access.
- Availability: The system, products, or services are accessible and operate as stipulated by the service level agreement (SLA).
- Processing integrity: The system processing is complete, accurate, timely, authorized, and achieves its purpose.
- Confidentiality: The data deemed confidential is restricted to a specified set of persons or organizations.
- Privacy: The system’s collection, use, retention, disclosure, and disposal of personal information aligns with the organization’s privacy notice and with the criteria established by the generally accepted privacy principles (GAPP).
What Did Mission's Certification Process Entail?
Mission’s SOC 2 Type 2 certification process began with a kickoff meeting between key Mission stakeholders and a third-party auditor. In this initial meeting, Mission and the auditor reviewed the standards that would be evaluated, decided on the audit timeframe, and determined where we currently had gaps so we could prepare in advance of the audit.
The next part of the process was the validation phase, otherwise known as the audit phase. During the validation/audit phase, none of Mission’s processes were allowed to change. We had to validate our controls (by way of penetration testing, audits of logins and antivirus tools, and more) to demonstrate, with evidence from within the audit timeframe, that we handled security protocols correctly. Additionally, during the validation phase, the auditor maintained a procedure document containing an audit of all users and credentials in our systems, as well as of the onboarding systems for employees and vendors.
In the final phase, the auditor gathered all of the evidence and compiled a comprehensive report, ultimately determining that Mission's policies, procedures, and controls met the standards required for SOC 2 Type 2 certification.
The Importance of SOC 2 Type 2 Certification
The SOC 2 certification carries significant importance both for Mission as a company and for all of the customers we serve.
From the customer perspective, the SOC 2 Type 2 certification brings peace of mind and serves as a shortcut to building trust. It functions as proof that a cloud provider such as Mission prioritizes security and demonstrates, from an unbiased third-party source, that Mission’s controls are living up to expectations. From the Mission perspective, the SOC 2 Type 2 certification is incredibly useful in that it provides an opportunity to benchmark ourselves against industry standards and keep up with evolving security best practices.
To learn more about our SOC 2 Type 2 certification, read our press release here.