How can you really be sure your data is in the hands of a trustworthy software provider?
The System and Organization Controls (SOC) 2 reporting requirements, developed by the American Institute of CPAs, were set in place to evaluate an organization’s information systems based on five categories of Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy of customer data. Designed for technology-based service providers that potentially store customer data in the cloud, the SOC 2 report is a rigorous and comprehensive technical audit conducted by a third-party CPA firm that evaluates information security policies and procedures.
Essentially, we got put through the wringer of compliance and won the battle.
SOC 2 reports are unique to each organization. In line with our specific business practices, our report covers the service commitments and system requirements achieved based on relevant security, availability, processing integrity, and confidentiality. Let me break each of the five trust services criteria down for you:
Security: Information systems are protected against unauthorized access and disclosure of information, as well as compromising changes. Access controls help prevent potential system abuse, theft, or misuse of data. Wordsmith integrates with security tools and single sign-on providers so you can control how users authenticate, including two-factor authentication.
Availability: This looks at how accessible our services, products, and systems are based on service level agreements. This ensures Wordsmith will be up and running as needed. All information systems are ready and available for operation and use to meet your objectives.
Processing Integrity: We process data the way we promise in a timely manner with the authorization, price, and performance agreed upon. Processing integrity means Wordsmith does what it’s meant to do. It performs completely and accurately to meet objectives—delivering the right insights to the right people at the right time.
Confidentiality: Wordsmith is properly protected. Confidentiality pertains to data with limited viewer access and involves encryption, controls, and network and application firewalls. The information you designate confidential remains secure.
Privacy: The privacy component addresses a system’s collection, use, retention, disclosure, and disposal of personal information. Because we don’t store customer data, Automated Insights is only audited on four out of the five trust services criteria, not including privacy.
Last Thursday, we announced the achievement of our first SOC 2 Type II report. This milestone in our dedication to data protection comes six months after issuing our SOC 2 Type I report. What’s the difference, you ask? SOC 2 Type I describes our system and whether or not it’s suitable to meet the relevant trust principles. SOC 2 Type II takes it a significant step further and dives deep into the details of Wordsmith’s operational effectiveness over a period of time.
SOC 2 compliance isn’t a requirement for SaaS and cloud-based vendors, but its role in securing your data can’t be emphasized enough. It’s an outstanding achievement for business owners because, after a voluntary, months-long auditing process, our clients get peace of mind that we can deliver what we promise. Wordsmith is safe and secure. We’ve worked with sensitive data in highly regulated industries, including healthcare, government, and finance, for over a decade. Our SOC 2 Type II report validates and verifies to our clients that we have been, and will continue to be, committed to data security best practices. We hold ourselves to the highest standards.
The bottom line: SOC 2 compliance is a strong differentiator that is not taken lightly.
According to Forrester, “By the end of 2019, all enterprise BI deployments will include NLG.” With the field of natural language generation growing, it’s more important than ever to select a provider who’s going above and beyond to protect your data.