Is your data (or your clients’) being protected by your service provider? Do you depend on other partners to manage or store personal data such as health or financial information? Then knowing something about SOC 2 compliance is worth your time.
What is SOC 2?
SOC 2 is an auditing procedure that ensures secure management of data to protect the interests of your organization and the privacy of its clients. Protecting customer data from unauthorized access is a priority for Fineline.
Why is SOC 2 Important?
When a service provider is SOC 2 compliant, it signifies they implement proper security systems to ensure security, availability, processing integrity, confidentiality, and privacy of customer data.
Service Organization Control 2 (SOC 2) is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. SOC 2 is a technical auditing process and certification that measures security and availability and serves as an assurance to customers that their data is being managed in a controlled and audited environment.
Who needs SOC 2?
SOC 2 compliance is essential for technology-based service organizations that store customer data in the cloud. This makes it applicable to most SaaS businesses, and any business that relies on the cloud to store its customers’ information.
Fineline has committed to SOC 2 Type 2 compliance in 2020. It’s our responsibility to securely store customer data. How do we prove to customers we’re doing that? That’s where a SOC 2 engagement comes in. A SOC 2 Type 2 audit is just a way to get third-party verification that we are operating with security controls in place—all for the purpose of securely storing customer data.
What is required for SOC 2?
SOC 2 requires that you develop security policies and procedures that encompass: security, availability, processing integrity, confidentiality, and privacy of data stored in the cloud.
Fineline asked Katz, Sapper & Miller (KSM) to perform a SOC 2 Type 2 Compliance Audit mapped to the HITRUST CSF and report on their findings. Their report will document what Fineline has done to put in place well-defined policies, procedures, and practices — not just ticking all the compliance checkboxes.
So, you may be asking yourself, why is a printing company concerned with SOC 2?
- Customers trust us with data that sometimes includes personal information. Fineline has transformed itself from a manufacturer who just puts ink on paper (which we still do a lot of) to a technology provider of data management, mailing and fulfillment solutions of protected data.
- It builds trust. It’s the gold standard for any service organization because it independently verifies the existence and effectiveness of our administrative and technical controls. It’s not a certificate, it’s a detailed audit report.
- It allows Fineline to securely serve the Healthcare, Financial and Insurance industries where we manage & store millions of data points….securely and safely.
There is so much more to compliance than simply following the rules. Making compliance a part of our DNA means that we not only understand the requirements for all of our contracts but also how each of us plays a critical role in upholding our commitments to our customers.
We believe, continuing to make compliance an integral part of our culture is critical to our long-term success—and our customers.
By Guy Vreeman, Fineline Director of Security and Compliance