The CloudSphere team is pleased to share that the company has achieved SOC 2 Type 2 certification, a signal of our longstanding dedication to upholding the highest security standards. This accreditation is a rigorous, independent assessment confirming CloudSphere is equipped with the proper controls to mitigate security risks, giving peace of mind to both current and prospective customers. With the completion of this certification, CloudSphere further demonstrates that it is a trusted partner for companies in heavily regulated industries that either prefer or are required to work with certified vendors.
What is SOC 2 Type 2 Certification?
The acronym SOC 2 stands for Service Organization Control 2. It is a type of audit developed and administered by the American Institute of Certified Public Accountants (AICPA) that examines a service organization’s controls for customer data protection and privacy. Verification takes place in two stages. Type 1 examines a company’s relevant controls at a single point in time. Type 2 tests the same controls but over a longer period of time to confirm that the controls and supporting processes are being consistently followed. The Type 2 certification process is then repeated every year. This process ultimately assures that a certified company has the right controls in place to keep customer data safe.
What is the process for getting certified?
The first step in the process is to identify a group of auditors. Those conducting SOC audits must be authorized and certified. An auditor’s initial action is to determine which of the five trust principles defined by the SOC framework (and their associated controls) are applicable to the organization they are auditing. An examination, along with a detailed questionnaire, is usually completed to accomplish this task.
In the case of CloudSphere, three of the five trust principles were applicable to the SaaS services that we provide: Security, Availability and Confidentiality. As part of the Type 1 process, our initial step was to put together a plan for achieving compliance. A combination of cross-team engagement and managerial support was necessary for this process. Teams across our entire enterprise followed this written process, ranging from IT deployment to Customer Service to HR and software development.
In addition to creating well-defined processes, evidence is required that they are being followed and documented. Frequent point checks took place across all evidence pertaining to the methods employed by our organization to demonstrate SOC compliance during the formal audit period. The evidence also required a description of related solution(s) delivered to customers. Providing this attestation ensured that the SOC compliance statement was directly aligned with the solution.
Once the initial Type 1 objective was achieved, we had to demonstrate that we could “walk the walk” by continuing to follow and develop ongoing procedures and ensuring that all internal process stages continued to be documented in detail. As in most cases, our Type 2 audit was performed several months later, which required providing documentation over a longer time span. After the auditors reviewed our final submission, we were granted Type 2 certification for a period of one year.
With security incidents growing at a staggering rate, cybersecurity is vital to any company’s success in today’s environment. CloudSphere has always upheld rigorous security and data confidentiality standards. Achieving SOC 2 Type 2 certification is further evidence of this commitment and offers assurance to our current and prospective customers that CloudSphere is an outstanding choice for businesses that require certified providers.