
What SOC 2 Compliance Means for Your Cloud Data

Companies of all sizes and across all industries are investing in cloud computing resources, but there is still apprehension around the level of data security in the cloud. This makes perfect sense: IT departments and consumers should be mindful of how their critical cloud data is being protected.

The good news is that today’s major cloud vendor players are on the same side, going through extensive audits and other regulations to ensure that their customers’ data is as secure as possible. With all the security regulations for cloud vendors, the cloud may actually become a safer place to store data than on-premises software (i.e., software that is installed and run within the physical location of an organization).

At Inkling, for example, we recently completed the (fittingly) long process to become SOC 2 Type 2 compliant.

What is SOC 2 compliance?

SOC 2 Type 2 compliance is crucial–if not required–for any vendor to work with larger, enterprise-level organizations. This level of compliance is verified by an independent audit firm, which examines the company’s methods and processes for security, availability, processing integrity, confidentiality, and privacy against a pre-defined standard set by the American Institute of Certified Public Accountants (AICPA).

As enterprise organizations have more stringent data security standards, vendors that are SOC 2 Type 2 compliant have a leg up over vendors who are SOC 1 compliant (or, worse, not compliant with any security standards).

What’s the difference between SOC 1 and SOC 2 compliance?

There is a common misconception in the industry as to the difference between these types of compliance. SOC 1 (or SAS 70, or SSAE15) compliance is more focused on the security of the financials of a cloud vendor. SOC 1 compliance means that the vendor created a set of criteria and then passed the audit. In other words, the vendor creates the test that it needs to pass.

SOC 2 compliance tests whether there are information security controls around the data. It’s a newer audit and is much more comprehensive than a SOC 1 audit. It is a third-party verification process that validates a company’s compliance with a set of objective standards. The standards are based on AICPA criteria, to ensure that your cloud-based data is protected.

The takeaway is clear: If you’re a major enterprise company, or a company that cares deeply about the security of your cloud-based data, seek a vendor with SOC 2 compliance.
