SWK Technologies has been officially certified for SSAE SOC 2 compliance on our managed services and solutions by an independent audit that reviewed these operations against the requirements set by the American Institute of Certified Public Accountants (AICPA). These standards ensure that an organization such as SWK is able to fulfill the commitments outlined in Service Level Agreements (SLAs) and other written agreements with customers, including implementing compliant security and privacy controls. This means that
What is SOC 2?
The SOC 2® designation itself stands for System and Organization Controls (or Service Organizations Controls), level 2. There are three levels of SOC certification under the AICPA SSAE (Statement on Standards for Attestation Engagements) auditing standards, with two additional sublevels of report for each – Type 1 and Type 2.
An audit is tailored to each report level and Type within its scope and the guidelines required:
- SOC 1 – Internal Control over Financial Reporting (ICFR)
- SOC 2 – Trust Services Criteria
- SOC 3 – Trust Services Criteria for General Use
Trust Services Criteria
For SOC 2 compliance, organizations must meet the Trust Services Criteria for their service commitments and system requirements as outlined in the audit report, being able to demonstrate fulfillment of the following:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
Service Commitments & System Requirements
As a SOC 2 compliant organization, SWK Technologies demonstrates suitability of security, availability, processing controls, confidentiality and privacy controls for the following processes and assets:
System Components
SWK’s systems were reviewed for compliance with AICPA’s established standards at all levels, including:
- People & Processes
- Primary Infrastructure
- Software
- Data Centers
- Physical Security
- Network Security Architecture
- Customer Data Backups
- Infrastructure & Network Availability
- Change Control
- Communications
Control Environment
SWK’s internal controls were reviewed for compliance with the following trust principles:
- Integrity & Ethical Values
- Commitment to Competence
- Management Philosophy & Operating Style
- Organizational Structure & Assignment of Authority & Responsibility
- Human Resource Policies & Practices
Risk Assessment
The audit reviewed SWK’s risk assessment processes as well as management procedures taken to address potential risks in these areas:
- Operational Risk
- Strategic Risk
- Compliance
SWK’s risk assessment and management controls were also reviewed for the potential to breach any of the Trust Services Criteria, from an individual factor or a combination of factors, and for any additional controls implemented in response to these risks.
Information & Communication Systems
Internal information and communication systems and procedures at SWK were audited as vehicles for identifying, capturing and exchanging information, including through the use of various technology platforms. Processes were reviewed for factors such as the way in which data was relayed and how security policies were disseminated.
Monitoring Controls
Monitoring activities to measure and report on those controls outlined above were reviewed for additional factors, including the following:
- Corporate governance evaluation
- Quality assurance of existing controls
- Corrective actions for deviations
- Reporting deficiencies
SOC 2 Compliance for Your Data
The certification of SWK Technologies means that we will apply the SOC 2 compliance of our managed services, solutions and data centers to the network and data assets we host for our customers. This ensures the security, availability, processing integrity, confidentiality and privacy of all systems and data stored and processed through our Secure Cloud Hosting services to regulatory standards. The solutions this extends to include:
- Software we manage in an application hosting environment, including ERP and accounting systems
- IT infrastructure hosted with IaaS, including servers, network assets and storage space
Learn More About SOC 2 Compliance & Information Security Controls
Discover the cybersecurity and reliability difference SOC 2 delivers to your business, and how SWK Technologies is able to fulfill these needs and more with our managed services for IT, cloud and security demands. Get in touch with our experts to learn more about the impact that data regulations have on your business and how we can help you meet these compliance standards.
Contact SWK here to learn more about SOC 2 compliance and what it means for your business, and how we can help you maintain the integrity of your systems and data both against cyber threats and in the face of stricter regulations.