Prodoscore Successfully Completed the Service Organization Control (SOC) 2 Type Audit
IRVINE, CA – April 1, 2018 – Prodoscore, the leading productivity measurement platform for enterprises using cloud platforms, announced it has successfully completed the Service Organization Control (SOC) 2 Type audit.
A leading independent auditor, Bala & Co. conducted the audit, which verifies that Prodoscore’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.
“Completing the SOC 2 Type 2 audit demonstrates our ongoing commitment to security and underscores the investment we’ve made to keep our customers’ data and systems safe,” said Harprit Bhui, Prodoscore VP of Product and co-founder. “Our customers rely on us to secure their data, organizations faced with compliance requirements around sensitive data, like PCI, PII, and IP, can leverage Prodoscore’s SOC 2 Type 2 as part of their compliance strategy.”
Why is SOC 2 Type 2 Important to Our Customers?
Service providers must demonstrate that they have adequate controls of data protection technologies and processes. The SOC 2 Type 2 report puts strict audit requirements in place and sets a high bar with a more meaningful audit standard then SAS70 or SSAE 16 SOC 1. The same audit report used by Amazon Web Services and Google, SOC 2 validates the security of infrastructures and services and is rapidly becoming an industry standard.
The certification sets Prodoscore apart from other ISVs in the growing cloud ecosystem. Our customers, which range from the world’s largest enterprises to SMBs, can be assured that the highest level of internal controls and security are established and maintained.
The importance of auditing is also recognized and encouraged by Gartner. “Cloud computing is a powerful tool for IT and businesses. Public cloud computing can be adopted safely and sanely. However, enterprises must do their homework, and avoid taking blind leaps of faith; otherwise, they will run huge risks with their mission-critical data, applications and processes,” said Gene Phifer and Jay Heiser in their report Look Before You Leap Into Cloud Computing, 12 June 2013.
About SOC 2 Type 2
The Service Organization Control (SOC) 2 Report is performed in accordance with AT 101 and based upon the Trust Services Principles. The Trust Service Principles which SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles has defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during the audit).
The audit includes a full assessment of:
- Security: Data centers are protected against unauthorized access (both physical and logical).
- Availability: Data centers are available for operation and use as committed or agreed.
- Processing integrity: Processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
Trust principles predefine the criteria businesses must meet, making it easier for business owners to know what compliance needs are required and for users of the report to read and assess the adequacy.
For more information about SOC 2 audits, see the American Institute of Certified Public Accountants website.