Is your MSP SOC 2 certified?


 

Some time back in the last century, SLPowers became a managed services industry pioneer, and we have the awards to prove it. 

 

In fact, we were awarded an “Industry Contribution Award” by the Computing Technology Industry Association for our pioneering work in making Enterprise-class managed network service and support affordable for small and medium businesses.

 

Today we’ve embarked on a similar mission – to bring Enterprise-class information security to small and medium businesses. 

 

And how are we proving it this time? Our SOC 2 Type II certification is a good place to start.

 

What is a SOC 2? What is Type II? 

The American Institute of CPAs establishes the auditing standards that private companies, non-profits, and government entities must adhere to. They also assess and certify Service Organization Controls - the internal systems third-party providers are supposed to put in place to protect the information assets of their clients.

 

In effect, the SOC standards provide peace of mind for any organization looking to partner with third parties. A SOC 2 designated organization has been audited by an independent certified public accountant, who determined that the firm does in fact have the necessary systems in place to control the access to and the maintenance of information assets. And if the SOC 2 recipient submitted to a Type II report, the auditor attests that the company maintained and adhered to those critical safeguards and procedures for a designated period of time - no less than six months.

 

What internal controls does a SOC 2 audit evaluate?

 

A SOC 2 audit is an important tool to validate the internal controls established by managed service providers. Its framework is built on a set of five pillars, which are collectively referred to as Trust Services Principles and Criteria. These principles address the risks and opportunities of IT-enabled systems and privacy programs. Specifically, they focus on the following:

 

- Security. The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
- Availability. The system is available for operation and use to meet the entity’s commitments and system requirements.
- Processing integrity. System processing is complete, valid, accurate, timely, and authorized to meet the entity’s commitments and system requirements.
- Confidentiality. Information designated as confidential is protected to meet the entity’s commitments and system requirements.
- Privacy. Personal information is collected, used, retained, disclosed and disposed of to meet the entity’s commitments and system requirements.

 

The first three criteria attest to the provider’s reliability. The other two speak to the integrity of the provider’s security processes. And every one of them makes a difference.

 

Who needs to know?

 

If you are in the cloud, or part of a regulated industry, working with a SOC 2 provider is critical.

 

With more companies shifting their IT footprints to the cloud, the security of that information becomes more important than ever. As cloud providers ourselves, and as experts in Microsoft Azure, SLPowers is uniquely positioned to ensure the security of your cloud-based information, whether that information is active or archival, at rest or in motion.

 

And in a regulated industry, partnership with a SOC 2 Type II provider becomes a critical factor in lowering costs while maintaining compliance. For example, banks can lower their IT costs by outsourcing critical functions, while resting assured that they continue to meet all regulatory requirements. Companies adhering to PCI standards, and medical entities under HIPAA requirements, achieve similar results.

 

But only if they contact us.