SOC 2 Compliance: Keep Your Data Secure with D3Clarity

Security is one of the most important things in the digital world in which we live. At D3Clarity, we believe secure and trusted information is essential. Even more, trust is not given but earned, which is why we’re excited to share that D3Clarity has successfully completed a Service Organization Controls (SOC) 2 Type 2 audit.   If you don’t know much about SOC 2 compliance, keep reading. This is BIG news! 

What is SOC 2 compliance? 
SOC 2 stands for Systems and Organizations Controls 2, which is a technical security audit and certification based on standards developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 reports are geared towards technology-based companies and third-party service providers that store customers’ data in the cloud. 

To receive SOC 2 compliance, a company develops and documents security policies and procedures that must be followed by everyone in the company. Once the policies and procedures are in place and these things have been tracked, then the company must go through a rigorous audit process by a certified, third-party auditor. 

There are two types of SOC 2 compliance: 

• SOC 2 Type 1: This report describes a company’s security-related systems and processes and confirms they meet necessary industry-standard security and privacy protocols at a given point in time (e.g., as of a specific date, such as January 1). 
• SOC 2 Type 2: This report details the operational effectiveness of a company’s security-related systems and processes over a period of time (e.g., 12 months).

To earn a SOC 2 certification, a company must demonstrate its internal systems are secure, operational, and sufficiently protect customer data. Independent auditors assess companies using the five elements of the AICPA Trust and Integrity Criteria:  

• Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems. 
• Availability: Information and systems are available for operation and use.  
• Processing integrity: System processing is complete, valid, accurate, and timely. 
• Confidentiality: Information designated as confidential is protected. 
• Privacy: Personal information is collected, used, retained, disclosed, and disposed of. 

Why is it important? 
The importance of data security is at an all-time high, with companies announcing new security breaches every day it has never been more imperative to protect customers’ information. 

According to Positive Technologies, Cybercriminals were able to carry out attacks on users in 98 percent of studied web applications. Such attacks can result in the spread of malware, redirection to a malicious site, or data theft through social engineering.  Since cyber attack attempts are so common now, we wanted to be proactive in taking the right steps to protect all data on our platform. 

What does this mean for D3Clarity customers?  As a D3Clarity customer, we want you to know that we take security seriously and are committed to investing in security measures like SOC 2 reports. Your trust is important to us, and you shouldn’t have to worry about the safety of your data.  Being SOC 2 compliant allows our customers to meet the security standards for their larger prospects and clients. For example, some industries like healthcare and government have higher security requirements and expectations than other industries, and often select which businesses to work with based on whether they are SOC 2 compliant. By partnering with D3Clarity you can feel confident in the safety of your data.  

We hope our investment in security measures like SOC 2 reports not only gives you peace of mind but emphasizes our dedication to the safety of your information and the success of your business.