Compliance – SOC 2 Type II
We’re SOC 2 Type II certified!
Brac Informatics Centre (BIC) maintains compliance and annual SOC 2 Type II certification for both our Data Centre infrastructure and our SaaS platforms.
To achieve this SOC 2 Type II certification, the following areas of BIC’s facilities, systems, policies, and practices are audited on an annual basis:
- Data Centre: The physical facility, security and environmental controls and operations.
- Infrastructure: Power, network, and systems security and availability.
- Software: Application development, provisioning and support controls and operations.
- People: The personnel involved in the operation and use of systems and applications.
- Procedures: The automated and manual procedures involved in the operation of systems and applications.
- Data: Security protocols and controls of data used and managed in the systems and applications.
What is SOC 2?
The Service Organization Control (SOC) 2 examination demonstrates that an independent auditing firm has reviewed and examined an organization’s control objectives and activities and tested those controls to ensure that they are operating securely and effectively.
- Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data. The SOC 2 certification is issued by outside auditors; they assess and report on the extent to which an organization complies with one or more of the five trust categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) based on their systems and processes.
- There are two types of SOC 2 reports: Type I and Type II. The Type II report is issued to organizations that have audited controls in place and where the effectiveness of those controls has been audited over a specified period of time. The Type I report is preliminary to the Type II report and is based on the ability to test and report on design. Type I reports are issued to organizations that have audited controls in place but have not yet audited the effectiveness of the controls over a period of time.
Why is SOC 2 Type II important to our clients and their customers?
It provides a level of confidence and comfort. By working with a SOC 2 Type II certified organization like BIC, users ensure that data is kept secure through the consistent implementation of standardized controls.
How does it impact data centre infrastructure?
Data centre services such as managed services, hosting, and colocation developed by a SOC 2 certified organization must be developed following audited processes and controls. Services designed, implemented, tested, and monitored under these audited processes and controls ensure the highest level of trust and security.
How does it impact software?
Software developed by a SOC 2 certified organization must be developed following audited processes and controls. Software developed, reviewed, tested, and released under these audited processes and controls ensures the highest level of trust and security.