RESULTS Technology has successfully completed the SSAE 18 SOC 2 compliance for 2018. SSAE 18 (Statement on Standards for Attestation Engagements No. 18) is the gold standard for the validation of a service organization’s operations and procedures. RESULTS is audited annually in nine specific areas including all aspects of data and physical security, data backup, network monitoring, change management and systems maintenance.
Successfully completing the SSAE 18 audit demonstrates that we are committed to best practices and continually ensure our process management meets the highest industry standards. Our ability to successfully pass this rigorous, in-depth audit verifies RESULTS has the proper controls and processes in place to deliver the high-quality services our customers expect.
The completion of the audit is of particular importance to RESULTS’ financial services customers for which SSAE 18 compliance is often a requirement. The audit was completed, Oread Risk and Advisory, LLC.
This audit standard provides our customers assurances that RESULTS follows the controls and procedures we have in place. This transparency assures our customers and their auditors that RESULTS provides confidential, secure and quality managed services.
What Does This Mean?
SOC refers to Service Organization Controls. These are comprised of a series of standards designed to help measure how well a given service organization controls its information. SOC 2 concerns the internal controls in place at the service organization. For a company to receive SOC 2 certification, it must have sufficient policies and strategies that satisfactorily protect the client’s data.
SOC 2 is designed for more advanced IT service providers. These can include IT managed service providers, cloud computing vendors, data centers, Software-as-a-Service companies and more.
The SOC 2 framework includes five key sections, forming a set of criteria called the Trust Services Principles. These include:
- The security of the service provider’s system.
- The processing integrity of this system.
- The availability of this system.
- The privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities.
- The confidentiality of the information that the service provider’s system processes or maintains for user entities.
If you are under compliance regulations, you may be required to work only with vendors who have successfully completed this audit. Even if you are not under any compliance regulations, you should still consider requiring this audit from any vendor who has access to your company’s data.