Zift Solutions has completed our annual SOC 2 Type II certification under the Security Trust Principle with AARC-360. We’re committed to protecting our customers’ and partners’ personal information and rights to privacy, especially now when data security is on the top of everyone’s mind. Accordingly, Zift continues to invest in cybersecurity and data protection.
We’re focused on providing world-class availability, security, and privacy controls. As a result, we have achieved a degree of security and operational maturity seen in very few software-as-a-service companies. We are in an exclusive club: less than 1% of SaaS vendors have achieved SOC 2 Type II compliance attestation!
Our team has spent the last few months working diligently through a detailed, thorough third-party review, so our organization can be designated as SOC 2-compliant. When a company completes this process, its customers and partners are assured by a third party that the organization adheres to a strict set of principles around securely managing your data. Zift recently completed this process for the third consecutive year, and again received a “clean report” with no exceptions!
Some of the most common questions we get from customers revolve around security and privacy. We field questions like:
- How do you protect my company’s data from potential threats?
- What critical security controls have you implemented to ensure the security of my company’s data?
- What type of testing is performed to ensure the effectiveness of those security controls?
How can you be sure a service provider has really prepared for all the potential issues? SOC 2 is one of the major frameworks that’s come to the forefront of security discussions as a way to combat issues before they start.
Let’s look at what being SOC 2 compliant means, and why it’s important.
What is SOC 2 compliance?
The Service Organization Control reporting platform was developed by the American Institute of CPAs (AICPA) to help companies get a handle on the complex, diverse security issues out there, and provide a framework for service providers to measure against. SOC 2 compliance covers companies that provide services like data hosting, colocation, data processing and software-as-a-service (SaaS), and is based on five “trust services principles” that reflect different criteria for managing customer data: security, privacy, availability, processing integrity, and confidentiality.
The five SOC 2 principles
The SOC 2 principles double as a great way for customers to organize their thoughts and concerns over data management. To be compliant, service providers must have clear, well-documented, proven strategies for each of these topics:
- Security ensures that system resources are protected against all types of unauthorized access; typical controls include network and application firewalls, two-factor authentication and intrusion detection.
- Privacy addresses how the system collects, retains, discloses and disposes of personal information, and how that process aligns with the organization’s privacy notice and with the AICPA’s generally accepted privacy principles (GAPP). It includes access control, two-factor authentication, and encryption.
- Availability looks at how accessible a company’s services, products, and systems are, based on the contracts and service level agreements (SLA) it has. It includes performance monitoring, disaster recovery and security incident handling.
- Processing integrity, at its base, asks if a system achieves what it’s meant to do. Does it process data the way it promises? Does it do so in a timely manner, with authorization, and with the performance and price agreed upon? It involves quality assurance and process monitoring.
- Confidentiality relates to data that has access and/or disclosure limited to specific groups. It involves encryption, access controls, and network and application firewalls.
Why does SOC 2 matter?
It’s important to note that no vendor is required to be SOC 2 compliant; it’s a voluntary process, generally driven by customer demand. Any company that chooses to go down this path has security and privacy as a top priority within the company. After all, the certification process is a months-long endeavor, conducted by impartial outside auditors.
SOC 2 is considered the “gold standard” in compliance for software companies and is well worth the effort. It’s a very tangible way for Zift Solutions to ensure that our data, and our customers’ data, is handled using the strict guidelines mentioned above. It’s more than checking a box; it’s a commitment that goes to the very heart of our relationship with, and continuing assurance to, our customers and their partners worldwide.
To learn how your organization can use channel sales, channel marketing, and channel operations together as ONE with ZiftONE, visit us or get in touch.