Posted: Feb 27, 2019 in Company Updates
DMM places client confidentiality and security as top priorities. Our secure facilities recently passed their fourth SOC 2 Type II Compliance Audit, which ensures that a service organization has the proper management processes, policies, procedures and personnel in place to achieve transparency and consistency of its service offerings. This framework and audit are designed by the American Institute of Certified Public Accountants (AICPA) to test the controls related to information technology and the security of a service organization.
The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors. A SOC-certified organization has been audited by an independent certified auditor who determines that the firm has the appropriate SOC safeguards and procedures in place. Companies that want to achieve high-level privacy and security standards place a premium on SOC 2 Type II certifications, which can save businesses sizable time and money while mitigating risk.
The SOC 2 audit report builds on the financial reporting basis of SOC 1 and also requires standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight. A SOC 2-certified service organization is appropriate for businesses whose regulators, auditors, compliance officers, business partners, and executives require documented standards. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data.
The SOC 2 framework includes five key sections, forming a set of criteria called the Trust Services Principles. These include the security of the service provider’s system; the processing integrity of this system; the availability of this system; the privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities; and the confidentiality of the information that the service provider’s system processes or maintains for user entities.
SOC 1 and SOC 2 reports come in two forms. Type I reports concern policies and procedures that were placed in operation at a specific moment in time, and describe a vendor’s systems and whether their design is suitable to meet relevant trust principles. Type II reports concern policies and procedures over a specified time period; for this more rigorous designation, systems must be evaluated for a minimum of six months.
As more companies leverage the cloud to store customer data, SOC 2 Type II compliance is becoming compulsory, especially within financial services. The exam requires companies to establish and adhere to strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data.
The ultimate certification is SOC 2 Type II. SOC 2 Type II is a “badge of honor” for DMM and is among the most coveted and hard-to-obtain information-security certifications. DMM’s SOC 2 Type II certification proves its system is designed to keep its clients’ sensitive data secure. SOC 2 requires long-lasting internal practices that will ensure the security of customer data and the longevity of its business. SOC 2 Type II certification provides DMM’s clients with reasonable assurance and peace of mind that its controls are properly designed, in place, and effectively protecting sensitive client data.