With many businesses shifting to remote work, you are likely wondering about the security and safety of your software applications and data. TopLine Results completed the SOC 2 Type 1 audit this past month and has been compliant since 2013. The SOC 2 Type 1 audit provides independent reporting and assurance about controls at a service organization relevant to security, availability and confidentiality. This applies to both the systems the service organization uses and the information processed by these systems. The licensed CPA firm that completed this audit was A-LIGN of Tampa, Florida. The SOC audit serves as confirmation that TopLine handles its customers with great care and monitors its security diligently.
A SOC audit, or Service Organization Control audit, examines 5 key service controls within an organization: security, availability, processing integrity, confidentiality, and privacy. The independent CPA firm conducting the audit thoroughly reviews the organization's policies and procedures. In performing a rigorous audit of security practices, safeguards against cyber-security attacks, and thousands of records, the SOC audit serves as confirmation that the policies governing both the organization’s data and its customers’ data are followed.
Below are just some of the items which were reviewed and analyzed:
- Integrity and ethical values
- Commitment to competence
- Subservice organization examination
- Management’s philosophy and operating style
- Organization structure and assignment of authority and responsibility
- Human resources policies and practices
- Process to identify and manage risks which could affect client organizations
- Trust services principles and criteria
  - Security: The system is protected against unauthorized access (both physical and logical)
  - Availability: The system is available for operation and use as committed or agreed
  - Confidentiality: Information designated as confidential is protected as committed or agreed
- Management monitors controls to ensure proper operation and evaluate for needed modification
- Quality assurance review and training as warranted
- Information and communications systems
  - Information systems including anti-virus and spam filters and network monitoring
  - Internal communication within the service organization
- Complementary user entity controls
  - Clients are required to establish their own controls to ensure they are benefiting from the established policies of the service organization. Such controls include:
    - Understanding and complying with contractual obligations with the service organization
    - Establishing their own internal controls such as user ID and password protection and disaster recovery planning
For more information about the SOC audit, or to view a copy of our most recent report, email us at email@example.com. We are happy to share it.