TBConsulting is proud to announce that we have successfully completed our SOC 2 Type 2 examination and received our report - a demonstration of our ongoing commitment to compliance and data security.
This may sound like more tech jargon, so we are going to outline what SOC 2 Type 2 compliance really is, how we attained it, and what it means for all of our partners - present and future.
WHAT IS SOC 2?
SOC 2 is an independent audit, performed by a licensed CPA firm against the AICPA's Trust Services Criteria, that examines the information security policies, procedures, and controls an organization uses to protect customer data, particularly data stored and processed in the cloud. A SOC 2 report shows how a company prevents, detects, and responds to security breaches, and it is quickly becoming a baseline expectation for any credible business that builds on today's cloud infrastructure.
WHAT IS TYPE 2?
There are two types of SOC 2 report, Type 1 and Type 2. A Type 1 report is a snapshot: it assesses whether the policies and procedures in place for data security are suitably designed as of a single date, but it requires no evidence that they are followed continuously.
A Type 2 report, on the other hand, covers an examination period, typically several months, during which the auditor tests that these processes and procedures actually operate as described, producing evidence of continuous compliance. It is a much more rigorous process, but one that TBConsulting chose to undergo to prove our commitment to the security of our customers' data.
WHAT DID IT REQUIRE OF US?
To complete our SOC 2 Type 2 examination, we had to demonstrate controls in four areas of security practice, proving that we actively maintain strict measures covering the security, availability, processing integrity, and confidentiality of customer data:
- Monitoring
- To meet SOC 2 Type 2 requirements, we had to prove that processes and procedures are in place to actively monitor for unusual activity and configuration changes across our systems, with visibility into every user access level. In cloud infrastructure, this means establishing a baseline of normal system activity so that deviations from it can be flagged, ensuring that we can detect potential threats from external and internal sources alike.
- Alerts
- Second, we needed to demonstrate that proper alerting procedures are in place to warn us immediately of any unauthorized access to customer data, so that we can respond accordingly. Specifically, SOC 2 Type 2 requires proof of alerting on unauthorized:
- Exposure or modification of data, controls, or configurations
- File transfer activity
- Privileged filesystem, account, or login access
- Audit Trails
- SOC 2 Type 2 also required us to provide deep contextual insight into how and where any breach occurred, meaning that if a breach were to happen, we have the capability to identify the who, what, where, when, and how of the point of attack.
- Actionable Data
- Finally, we needed to prove not only that we can produce thorough audit trails of an attack, but also that we can turn that data into an immediate and correct response. Using host-based monitoring, we are positioned to make informed response decisions based on where the attack originated, where it has traveled, the nature and components of the impact, and what the attacker's next move may be.
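The four areas above are easier to see as working detection logic. The script below is an added example and is not TBConsulting's tooling or anything SOC 2 itself prescribes: it builds a per-user baseline (known source addresses and hours of activity) from a constructed window of log lines, then evaluates a second constructed batch against that baseline, raising alerts for new source addresses, off-hours activity, privileged access, configuration modification, and file transfers inside an anomalous session, and records every alert as a who/what/where/when/how entry so it doubles as an audit trail. The log format, event names, and thresholds are assumptions made for illustration.

```python
"""Baseline-and-alert detector over constructed log lines.

Added illustration only: the log format, field names, event names and the
"anomalous" thresholds here are assumptions for this example, not any real
SOC 2 control wording or TBConsulting tooling.
"""
import re
from collections import defaultdict
from datetime import datetime

# Simplified syslog-like line: <ts> <host> <event> user=<u> src=<ip> [target=<t>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\w+) user=(?P<user>\S+)"
    r" src=(?P<src>\S+)(?: target=(?P<target>\S+))?$"
)

# Constructed baseline window: normal business-hours activity from office addresses.
BASELINE_LOGS = """\
2024-03-01T09:02:11Z app01 login user=alice src=10.1.1.20
2024-03-01T09:10:45Z app01 login user=bob src=10.1.1.31
2024-03-02T10:15:00Z app01 login user=alice src=10.1.1.20
2024-03-03T08:50:30Z app01 login user=bob src=10.1.1.31
2024-03-03T11:20:00Z app01 login user=alice src=10.1.1.20
2024-03-03T11:21:00Z app01 file_transfer user=alice src=10.1.1.20 target=/srv/reports/q1.csv
""".splitlines()

# Constructed new window: alice is normal, bob's account is used from an unknown
# address at 02:00, escalates to root, edits sshd_config and exfiltrates a file.
NEW_LOGS = """\
2024-03-04T09:05:00Z app01 login user=alice src=10.1.1.20
2024-03-04T02:13:00Z app01 login user=bob src=203.0.113.7
2024-03-04T02:14:10Z app01 sudo user=bob src=203.0.113.7 target=root
2024-03-04T02:15:02Z app01 config_change user=bob src=203.0.113.7 target=/etc/ssh/sshd_config
2024-03-04T02:16:40Z app01 file_transfer user=bob src=203.0.113.7 target=/srv/customer/export.tgz
""".splitlines()

PRIVILEGED_EVENTS = {"sudo"}          # assumed event names for privileged access


def parse(line):
    """Parse one line into a dict, or None if it does not match the assumed format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return e


def build_baseline(lines):
    """Per-user sets of source addresses and hours-of-day seen in the baseline window."""
    base = defaultdict(lambda: {"src": set(), "hours": set()})
    for line in lines:
        e = parse(line)
        if e is not None:
            base[e["user"]]["src"].add(e["src"])
            base[e["user"]]["hours"].add(e["ts"].hour)
    return base


def evaluate(lines, baseline):
    """Compare each new event with the baseline; return who/what/where/when/how alerts."""
    alerts = []
    for line in lines:
        e = parse(line)
        if e is None:
            continue
        reasons = []
        known = baseline.get(e["user"])        # .get() does not create a default entry
        if known is None:
            reasons.append("user not in baseline")
        else:
            if e["src"] not in known["src"]:
                reasons.append("new source address")
            if e["ts"].hour not in known["hours"]:
                reasons.append("outside normal hours")
        if e["event"] in PRIVILEGED_EVENTS:
            reasons.append("privileged access")
        if e["event"] == "config_change":
            reasons.append("configuration modified")
        # Routine transfers are noisy; only escalate them inside an already-anomalous session.
        if e["event"] == "file_transfer" and reasons:
            reasons.append("file transfer in anomalous session")
        if reasons:
            alerts.append({
                "who": e["user"],
                "what": e["event"] + (f" -> {e['target']}" if e["target"] else ""),
                "where": f"{e['host']} from {e['src']}",
                "when": e["ts"].isoformat(),
                "how": reasons,
            })
    return alerts


if __name__ == "__main__":
    for a in evaluate(NEW_LOGS, build_baseline(BASELINE_LOGS)):
        print(a)
```

Run as-is, the script raises four alerts, all against bob's session, and none for alice's login, which matches her baseline address and hours. The same who/what/where/when/how record that drives the alert is what an investigator needs afterwards, which is why the monitoring and audit-trail requirements are best built on one event pipeline rather than two.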
WHAT DOES THIS MEAN FOR YOU?
It means that, as our partner, you can have peace of mind that TBConsulting is deeply and proactively committed to the monitoring and security of your data. We chose the more demanding Type 2 examination to show that we have built proven, sustainable security practices that will serve you for years to come.