TAG Solutions Blog

What is SOC-2 Compliance?

April 26, 2022 at 10:09 AM / by Danielle Smyth

When evaluating an MSP, one of the biggest considerations needs to be whether or not they are equipped to keep your data and network safe and secure. One of the many ways to do this is to see what kind of security certifications they have. SOC-2 compliance is one of the most important certifications that any IT provider can have. It was developed by the AICPA (American Institute of CPAs), and when an MSP achieves this certification, it demonstrates their commitment to ensuring the safety and integrity of your business and network.

 

Trust Service Principles

There are 5 main “trust service principles” that make up SOC-2: security, availability, processing integrity, confidentiality, and privacy. Let’s delve into each of them in more detail:

Security

The security principle controls who has access to your data and your network, and helps to maintain the integrity of those. Often this principle employs access controls, which allows your business to customize who can access different files and sensitive data based on their user role and job level. Additionally, this principle will utilize antivirus software, firewalls, and multi-factor authentication, or MFA, to ensure that there is no unauthorized access into your system.

Availability

This refers to the accessibility of your business’s systems, processes, and software, specifically as stated in your SLA (service-level agreement). Essentially, this stipulates the minimum acceptable accessibility that both your business and your MSP have agreed upon. One of the keys to this principle is that it monitors your network for any kind of security-related incidents that may affect accessibility. This includes monitoring network performance, site failover, and any security incidents that would affect your ability to access your essential business processes.

Processing integrity

This principle is essentially measuring whether your network is doing what it should be doing. It needs to be delivering the data you need at the speed you need it. It makes sure that data processing is complete, valid, accurate, timely, and authorized. It is important to note that this principle refers to the integrity of how your data is processed, not the integrity of the data itself. If the data is corrupted, this will not be part of the processing integrity principle. So maintaining quality assurance measures, as well as monitoring the data processing itself, is still a critical part of your business.

Confidentiality

This principle is relatively straightforward: confidentiality ensures that your data is secured from people who are not authorized to access it, and that it is encrypted and only available to those who need access to it and other trusted entities. This can be achieved through the use of a variety of security controls, such as firewalls for both the network and applications, MFA, and other rigorous security measures. This is the best way to make sure that your data stays out of the wrong hands and that your sensitive data and company information is not compromised in any way.

Privacy

This principle is essential for every business, especially those who store sensitive customer data and privileged information. It covers the collection retention, use, disclosure, and disposal of this data. Often this is outlined in a company’s privacy policy. This data typically includes personal identifiable information (PII) such as names, contact information, email addresses, and even more sensitive data such as social security numbers, bank account information, and credit card data. Many businesses must comply with certain security measures to ensure that this data does not fall into the wrong hands, and if it does, the consequences can be catastrophic. In addition to being subject to fines and possible litigation, your business could lose customers, revenue, and deal with irreparable damage to your reputation.

Maintaining these 5 principles can be difficult and overwhelming for a business to maintain on its own. By hiring an MSP or IT provider who is SOC-2 certified, you can rest assured that your business is in the right hands and that the IT professionals you’re working with know how to keep everything safe and secure so you can focus on the other aspects of your business. TAG Solutions is proud to be SOC-2 certified, and this allows us to provide the highest level of service to our customers. To learn more about what we can do for your business and how our SOC-2 certification sets us apart from the competition, contact us today!

 
 

Tags: Cybersecurity

Danielle Smyth

Written by Danielle Smyth