INtelligent Direct: What Does SOC Certification Mean for Marketers?
After a security audit in September 2019, Infinity Direct became SOC 2 – Type II certified. We are very proud to be certified as a commitment to our valued clients who trust us to handle their data in compliance with SOC 2 – Type II standards.
So what does this certification mean for marketers? It means we put our money where our mouth is as we have an ongoing commitment to security and privacy. If you’re not familiar with what a SOC certificate means, read on.
The American Institute of CPAs’ (AICPA) Service Organization Control (SOC) compliance reports cover various organizational controls related to security, availability, processing integrity, confidentiality and privacy. Outside auditors issue SOC certification after a thorough audit process that can be time-consuming. The AICPA started out in 1887 as a certified professional accountant (CPA) membership organization that established accountancy as a profession and developed standards, a code of ethics, a licensing status and a regulation facilitator before legislative bodies.
Since the AICPA was central to securing financial data on a large scale, it made sense for it to regulate sensitive data in the digital age, so it developed an audit and reporting process for businesses to follow to protect sensitive information in the financial industry.
SOC certifications come in three levels: SOC 1, SOC 2 and SOC 3.
- A SOC 1-certified service organization reports on the organization’s controls related to clients’ financial reporting.
- A SOC 2-certified service organization is appropriate for businesses whose regulators, auditors, compliance officers, business partners and executives require documented standards.
- A SOC 3-certified service organization’s report is a simplified SOC 2 with less formal documentation and is mainly for businesses with less regulation and oversight.
SOC 1 and SOC 2 reports have two types: Type I and Type II.
- Type I reports on a snapshot of policies and procedures in operation at a specific moment in time.
- Type II reports on a collection of policies and procedures over a specific time period and is evaluated over a minimum of six months. This is a much more difficult certification to get.
The SOC 2 protocol is designed for more technical service providers that handle data in a cloud environment or data center, and for software as a service (SaaS) organizations. Infinity Direct falls into this category because we handle vast amounts of sensitive customer data for all clients, but specifically our clients in the financial and healthcare industries that require an elevated security protocol.