What is SOC 2 Certification, and Why Does it Matter?
System and Organization Controls for Service Organizations 2 (SOC 2) certification is a voluntary certification process that service providers can undergo to demonstrate their commitment to protecting client data.
The SOC 2 compliance standard was developed by the American Institute of CPAs (AICPA). This organization provides guidance on how organizations can manage customer data to keep it safe and secure.
In addition to proving that a company has processes in place to protect consumer data, SOC 2 certification outlines a framework of security standards and trusted principles the company can follow.
Even though it is voluntary, DocJuris believes it is essential for technology service providers, including software as a service (SaaS) companies, that use the cloud to store customer data.
Customer data can easily fall into the wrong hands without the proper security measures. SOC 2 certification ensures that companies have organized processes that protect client data at all times.
Understanding the SOC 2 Evaluation Process
The AICPA standards are focused on five trust services principles, which are reflected in SOC 2 Type I and Type II reports:
- Privacy: Includes encryption, access control, and two-factor authentication
- Security: Includes intrusion detection, two-factor authentication, and firewalls
- Availability: Includes performance monitoring, security incident handling, and disaster recovery
- Confidentiality: Includes encryption, access controls, and firewalls
- Processing integrity: Includes quality assurance and processing monitoring
While these principles are standard for every organization that undergoes a SOC audit, SOC reports are unique for each organization. That’s because every company designs its own controls to remain compliant with the above trust principles.
Thus, a thorough evaluation process is necessary. SOC 2 certification is granted after an audit performed by a third-party auditor, who evaluates an organization’s security measures against the AICPA standards that have been put into place.
SOC 2 Type I and Type II Audits
There are two types of SOC 2 compliance that an organization can achieve: Type I and Type II.
The first auditing process is for SOC 2 Type I certification. This process looks at how an organization designs controls for security and compliance at a specific point in time. Last year, DocJuris took this snapshot to our SOC 2 auditor for review. We announced our achievement of SOC 2 Type I compliance in July 2021.
While we were thrilled to achieve the high standard of SOC 2 Type I compliance, the team at DocJuris recognized that it was just one piece of the larger puzzle of ensuring that we protect our clients’ data at all times, not just during a given period.
So, we quickly got to work pursuing SOC 2 Type II compliance.
SOC 2 Type II compliance explores how an organization has designed controls for security and compliance over a period of time, which is typically 6 to 12 months. The audit looks for proof that the controls an organization has put into place operated effectively over the length of the audit period.
DocJuris’s audit period began in early 2022. It encompassed every aspect of our business, from accessing our on-site premises to server monitoring, cloud storage, device security, and employee training.
We are thrilled to announce that in July 2022, we were granted the distinction of meeting the requirements to earn SOC 2 Type II certification.
What SOC 2 Type II Compliance Means for DocJuris Clients
The primary purpose of SOC 2 compliance is ensuring that an organization has met the required criteria for protecting sensitive information and data. So, for our clients, that means that you can rest assured that your private data is being stored safely and securely every time you use DocJuris.
In addition to keeping your data safe now, SOC 2 compliance ensures that DocJuris will protect your personal information in the future. Our work of meeting SOC 2 compliance requirements isn’t over. We will continue to be evaluated every six months to ensure that we meet the latest privacy and security standards.
To learn more about DocJuris and how our software can help you streamline your next contract, schedule a demo.