The certification process involves an audit by a third party to verify that a company is meeting SOC guidelines. Ascendo AI is excited to announce that it has successfully completed a System and Organization Controls (SOC) 2 audit.

Why do we take SOC 2 seriously?

There were 945 data breaches globally in the first half of 2018. That’s 4.5 billion compromised records in just six months! It is more important than ever to take every precaution to keep user data safe. One way that a company can ensure that they keep data safe is by undergoing SOC 2 Certification.

Why is SOC 2 Certification Important?

SOC 2 Certification is vital because it holds businesses to a standard that protects consumer data. It allows the consumer to have peace of mind knowing that a company is vetted and approved.

SOC Certification is essential for companies that store data in the cloud and those that offer SaaS (software as a service) subscriptions. Companies that handle healthcare information fall under patient-protection laws and HIPAA, so having SOC 2 certification and compliance is a good step for them to show they are protecting patients’ information such as when offering medical insurance verification services.

SOC 2 Certification is not required, but it is a way of communicating the degree of care a company takes for the consumer. High-profile data breaches are in the news all the time, and it seems more accessible than ever for criminals to compromise private data.

Companies should test all web applications and software to ensure they stand up to hacking, DDoS attacks, and any other attempts that compromise customer information. When a company does have a data breach, it lowers public opinion of them, and users can experience identity theft. That could ruin their credit or lose them their retirement savings!

It is up to companies who use this data to conduct business to protect their users. A SOC 2 certification can go a long way to building user confidence.

SOC 2 Trust Services Criteria

To pass the SOC 2 audit process, a third party evaluates a company’s system on five SOC 2 Trust Services Criteria including:

1. Security

2. Availability

3. Processing Integrity

4. Confidentiality

5. Privacy

Industry-Standard Accreditation

The SOC 2 audit is one of the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls concerning information security. The SOC 2 Audited Report is the auditor’s opinion on how an organization’s security controls meet the SOC 2 criteria.

To obtain our audited SOC 2 Report, a third-party auditor reviewed our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, security incident response, and other critical areas of our business.

Thanks to a company-wide effort at Ascendo, we successfully achieved compliance and received an Auditor’s Report demonstrating that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria.

We believe the relationship with our customers must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust.

SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.

If you are interested to learn more about Ascendo AI, contact us