SOC stands for “system and organization controls,” and the controls are a series of standards designed to help measure how well a given service organization conducts and regulates its information and internal processes. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors, like ITS Fiber, for critical level services (i.e. Data Center or Cloud Services).
The AICPA created the SOC guidelines to provide an authoritative and independent benchmark for service organizations to demonstrate implementation of proper control procedures and practices.
The SOC 2® examination is the assessment of an organization’s controls as they relate to the AICPA’s (American Institute of Certified Public Accountants) five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. It requires companies to establish and follow strict policies and operating procedures that adhere to these principles and guidelines.
An organization that has completed a SOC 2 examination and report has been audited by an independent certified public accountant who determined the firm has the appropriate SOC safeguards and procedures in place. More specifically, SOC 2 examinations focus on how client data is stored and protected, and is a more technical, security-focused report than a SOC 1.
The SOC 2 report is the result of this examination and can be given to clients, prospects, business partners or regulators who have a need for insight into the company’s operations on an as needed basis, but the details of the report are not to be marketed to the public.
The Type 2 level of examination not only looks at the policies and procedures in place at a given point in time, but also validates their effectiveness over a six-month or more extended time period.
ITS Fiber’s SOC 2 Type 2 Examination and SOC 3 Report
As previously stated, the SOC 2 examination focused on ITS Fiber’s adherence to the five Trust Service Principles and Criteria set forth by the American Institute of Certified Public Accountants (AICPA). These principles are Security, Availability, Processing Integrity, and Confidentiality and Privacy.
Through the security compliance examination process, ITS Fiber demonstrated they are committed to providing the highest quality data center, cloud and broadband solutions and their technology and procedures go beyond security best practices. As part of the security attestation process, an independent third-party audit firm confirmed that ITS Fiber’s security policies, procedures, and operation rigorously protect the consumer and business data managed by the company and their ITS Fiber Data Center.
What is also notable about our most recent SOC 2 evaluation is the amount of specific and new criteria needed to acheive a completed report was almost double from previous years.
Our SOC 3® Report
The SOC 3 report assessments cover the same subject matter as a SOC 2 and ITS Fiber’s commitment to practicing the most rigorous security and operational procedures for customer’s critical data and privacy. However, its use and distribution are not restricted. The description of the system is less detailed than a SOC 2, and is primarily used for marketing purposes. The SOC 3 report is designed to meet the needs of users who need assurance about the controls at a service organization, but do not have the need for or the knowledge necessary to make effective use of a restricted, lengthy, SOC 2 Report. The SOC 3 reports can be made publicly available via a company’s website.
The SOC 3 report for the general public shows ITS Fiber’s commitment to practicing the most rigorous security and other procedures to serve our customers’ critical data security and privacy needs. It is designed to meet the needs of clients or prospective clients who need assurance about the controls at a service organization, but do not have the need for or the knowledge necessary to make effective use of a restricted, lengthy, SOC 2 Report.