Services Organization Control 2 (SOC 2®) is a thorough technical audit that requires companies to follow strict security procedures. Attaining a SOC 2® report ensures that Atlantic BT is providing safe cloud environments for our clients, both protecting their private data and having a plan of action for detected threats.
While Atlantic BT completed a SOC 2® Type I Audit examination on April 1st, 2019, we are currently pursuing SOC 2® Type II. Our goal is to give clients peace of mind with our cloud solutions, educate them on security measures, and stay up-to-date with industry standards to prevent future threats.
Type I vs. Type II: What’s the Difference?
SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the suitability of the design of the service organization’s internal controls.
Type I and Type II both involve reporting on controls and processes related to five principles: Privacy, Security, Availability, Processing Integrity, and Confidentiality. Atlantic BT is focusing on Security, Availability, and Confidentiality.
The primary difference is that Type I confirms our security controls at a single point in time, assuring that all of the proper policies and procedures are in place. Type II, on the other hand, spans six months, assuring that these processes are working effectively.
How Atlantic BT Became SOC 2® Type I Certified
SOC 2® Type I is a starting point that paves the way for Type II. Some examples of the measures we took to achieve our Type I certification include:
- Use of encryption protocols to protect customer data
- Designing with tiered access for client accounts
- Ongoing management of capacity demand
- Required internal training courses to help employees spot suspicious activity
Skoda Minotti, an international business advisory firm, was selected to conduct the final audit. Atlantic BT received its SOC 2® Type I certification after thorough testing and review.
We were excited to work with Atlantic Business Technologies from the very start. They are an intriguing organization delivering high-quality services, and their business adds to our growing SOC reporting practice.
– Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group
What This Means For Partners
Many companies are required to work with SOC 2® compliant software partners. Businesses that handle sensitive data or work in highly regulated industries, for example those subject to HIPAA compliance regulations, are required to work with SOC 2® compliant providers.
In general, any security-conscious business can count on the rigorous auditing process to hold companies to a high standard.
What’s Next for ABT?
Atlantic BT will undergo audits on an annual basis to maintain its SOC 2® report, and will continue to apply best practices by maintaining logs of its application of these SOC 2® controls, policies, and procedures to ultimately achieve SOC 2® Type II. Committed to quality, we will continue this voluntary process to provide top-notch service and expand our capabilities.
The successful completion of our SOC 2® Type I examination audit provides Atlantic BT’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices.
– Matt Lemke, President of Atlantic BT
We are happy to further discuss our SOC 2® certification or help you plan for any of your security needs. If you are interested in learning more about our cloud and cybersecurity solutions, reach out to schedule a free consultation.