What SOC 2 Compliance Means for Your Cloud Data

Companies of all sizes and across all industries are investing in cloud computing resources, but there is still apprehension around the level of data security in the cloud. This makes perfect sense: IT departments and consumers should be mindful of how their critical cloud data is being protected.

The good news is that today’s major cloud vendor players are on the same side, going through extensive audits and other regulations to ensure that their customers’ data is as secure as possible. With all the security regulations for cloud vendors, the cloud may actually become a safer place to store data than on-premises software (i.e., software that is installed and run within the physical location of an organization).

At Inkling, for example, we recently completed the (fittingly) long process to become SOC 2 Type 2 compliant.

What is SOC 2 compliance?

SOC 2 Type 2 compliance is crucial, if not required, for any vendor to work with larger, enterprise-level organizations. This level of compliance is verified by an independent audit firm, which examines the company’s methods and processes for security, availability, processing integrity, confidentiality, and privacy against a pre-defined standard set by the American Institute of Certified Public Accountants (AICPA).

As enterprise organizations have more stringent data security standards, vendors that are SOC 2 Type 2 compliant have a leg up over vendors who are SOC 1 compliant (or, worse, not compliant with any security standards).

What’s the difference between SOC 1 and SOC 2 compliance?

There is a common misconception in the industry as to the difference between these types of compliance. SOC 1 (or SAS 70, or SSAE15) compliance is more focused on the security of the financials of a cloud vendor. SOC 1 compliance means that the vendor created a set of criteria and then passed the audit. In other words, the vendor creates the test that it needs to pass.

SOC 2 compliance tests whether there are information security controls around the data. It’s a newer audit and is much more comprehensive than a SOC 1 audit. It is a third-party verification process that validates a company’s compliance with a set of objective standards. The standards are based on AICPA criteria, to ensure that your cloud-based data is protected.

The takeaway is clear: If you’re a major enterprise company, or a company that cares deeply about the security of your cloud-based data, seek a vendor with SOC 2 compliance.
