Skip to content
Article

Atlantic BT Becomes SOC 2 Type I Certified. What’s Next?

Services Organization Control 2 (SOC 2®) is a thorough technical audit that requires companies to follow strict security procedures. Attaining a SOC 2® report ensures that Atlantic BT is providing safe cloud environments for our clients, both protecting their private data and having a plan of action for detected threats.

While Atlantic BT completed a SOC 2® Type I Audit examination on April 1st 2019, we are currently pursuing SOC 2® Type II. Our goal is to give clients peace of mind with our cloud solutions, educate on security measures, and continue to stay up-to-date with industry standards to prevent future threats.

Type I vs. Type II: What’s the Difference?

SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls.

Type I and Type II both involve reporting controls and processes related to five principles: Privacy, Security, Availability, Processing Integrity, and Confidentiality. Atlantic BT is focusing on Security, Availability, and Confidentiality.

The primary difference is that Type I confirms our security controls at a single point of time, assuring that all of the proper policies and procedures are in place. On the other hand, Type II spans over six months, assuring that these processes are effectively working.

How Atlantic BT Became SOC 2® Type I Certified

SOC 2® Type I is a starting point that paves the way for Type II. Some examples of the measures we took to achieve our Type I certification include:

  • Use of encryption protocols to protect customer data
  • Designing with tiered access for client accounts
  • Ongoing management of capacity demand
  • Required internal training courses to help employees spot suspicious activity

Skoda Minotti, an international business advisory firm, was selected to conduct the final audit. Atlantic BT received its SOC 2® Type I certification after thorough testing and review.

We were excited to work with Atlantic Business Technologies from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.

Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group

What This Means For Partners

It is a requirement for many companies to work with SOC 2® compliant software partners. Businesses handling sensitive data or working in highly regulated industries, for example being subjected to HIPAA compliance regulations, are required to work with SOC 2® compliant providers.

In general, any security-conscious business can count on the rigorous auditing process to hold companies to a high standard.

What’s Next for ABT?

Atlantic BT will undergo audits on an annual basis to maintain their SOC 2® report and continue to apply best practices by maintaining logs of their application of these SOC 2® controls, policies, and procedures to ultimately achieve SOC 2® Type II. Committed to quality, we will continue this voluntary process to provide top-notch service and expand our capabilities.

The successful completion of our SOC 2® Type I examination audit provides Atlantic BT’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line industry standards and best practices.
    – Matt Lemke, President of Atlantic BT

We are happy to further discuss our SOC 2® certification or help you plan for any of your security needs. If you are interested in learning more about our cloud and cybersecurity solutions, reach out to schedule a free consultation.

The Atlantic BT Manifesto

The Ultimate Guide To Planning A Complex Web Project

Insights

Atlantic BT's Insights

We’re sharing the latest concepts in tech, design, and software development. Learn more about our findings.

Questions & Answers

Are there differences in application architecture that are important for the cloud?
It is important to build applications and workloads specifically for the cloud. You will want to carefully consider what services the cloud provider of your choice has to offer and how your application leverages those services.
Learn More about Are there differences in application architecture that are important for the cloud?
Are there any drawbacks to cloud hosting?
Yes, there will always be some risks associated with any hosting option. You are relying on the resiliency and engineering of infrastructure that has scaled at an astounding rate.
Learn More about Are there any drawbacks to cloud hosting?
What’s the benefit of hosting in the cloud vs. traditional options?
Reasons not to host in the cloud are few and far between. If you don't host in the cloud, you will spend more in both CapEx and OpEx to manage your applications or websites in a traditional environment.
Learn More about What’s the benefit of hosting in the cloud vs. traditional options?
How can I improve the performance of my application?
There are several primary reasons that applications perform poorly, and in some cases it’s a combination of several. 1) Data latency: If your application is making calls to a data source (whether it’s an API or a direct call) and there is latency at the data provider, your application performance will suffer.
Learn More about How can I improve the performance of my application?
Should I move my application to the cloud?
The answer is ‘probably yes’. There aren’t many reasons for an application to be hosted elsewhere, aside from occasional compliance standards, or requirements to integrate with local services that would require large amounts of data to move from on-premise to cloud.
Learn More about Should I move my application to the cloud?
Where should my application be hosted?
There are many different options for hosting, but most applications would do well with one of the cloud providers -- Amazon Web Services, Google Cloud Platform, Microsoft Azure.
Learn More about Where should my application be hosted?
What are some things to avoid when building a new web application?
There are lots of things to avoid when building a web application; but from our experience, #1 on the list is to avoid a bad application developer. The biggest problem when you engage with a bad application developer is that you won’t know until it’s too late.
Learn More about What are some things to avoid when building a new web application?