Media Room

Date: 5/15/2019

InfoSystems Achieves SOC 2 Compliance, a Gold Standard in Data Security

InfoSystems recently received System and Organization Controls (SOC) Type 2 compliance certification, a designation developed by the American Institute of Certified Public Accountants (AICPA) to provide external validation of security processes for businesses managing sensitive data.


Over the course of six months, InfoSystems was audited on approximately 130 controls out of the total 186 controls the AICPA has set forth. (Controls not addressed during the audit were not applicable to InfoSystems' service offerings.) The audit is performed in arrears, meaning a company seeking this certification must have proper systems in place in advance of the audit period.


“We were evaluated on everything from data encryption, security training for our staff, alerting and monitoring systems, business continuity, incident response, policies and procedures, and physical security, all the way to background checks for our employees,” said Fred Cobb, Vice President of Cloud Services at InfoSystems. “Going through the SOC 2 audit was a lengthy process, but it’s one we were confident that we could achieve due to our commitment to security and compliance.”


The SOC 2 compliance certification must be renewed annually, and a company seeking to maintain the SOC 2 certification must be re-audited every year.


According to Cobb, as more companies migrate to managed services and cloud computing, data security is an ever-present concern.


“One of the hesitations we often hear is that customers feel they are giving up control of their data as they move information to the cloud,” said Cobb. “By seeking out this third-party validation, we are able to help current and prospective customers see that their data is safeguarded and that we are committed to the utmost level of integrity in our services.”