The SOC 2 Effect: Elevating Security and Trust in Netography Fusion
Raymond Kirk, Product Manager
Satisfying the System and Organization Controls 2 (SOC 2) criteria is a significant milestone for any organization, and we’re thrilled to announce that we have received our SOC 2 report for our Netography Fusion® Network Defense Platform (NDP).
If you’re unfamiliar with a SOC 2 report, it is part of a suite of reports created by the American Institute of CPAs (AICPA) that document a service organization’s systems and controls. There are three types of reports:
- SOC 1: Describes the service organization’s internal controls over financial reporting
- SOC 2: Describes in detail the service organization’s controls relevant to security, availability, processing integrity, confidentiality, and privacy of their information systems
- SOC 3: Summary of the information contained in the SOC 2 report
This blog provides an insider’s perspective on the rigorous compliance process: what it is and how Netography earning its SOC 2 report benefits our customers.
SOC 2 Criteria
There are five Trust Services Criteria an auditor uses to evaluate an organization’s compliance. Created in 2017, they consist of over 60 individual requirements that cover:
- Security: Preventing unauthorized data access from inside or outside an organization
- Availability: Keeping systems robust and scalable to ensure consistent access to data
- Processing integrity: Guaranteeing operational efficiency of the systems used to process the data
- Confidentiality: Protecting confidential data by limiting its access, storage, and use
- Privacy: Protecting sensitive personal data from unauthorized access
The Compliance Process
To earn SOC 2 compliance, we had to demonstrate competence in each of these areas to an independent auditor.
Even though Netography is a cybersecurity company founded and staffed by subject-matter experts with decades of experience in cybersecurity best practices and building secure cloud environments, achieving SOC 2 compliance was not a trivial experience.
In short, it required retrofitting the extensive data security controls we already had in place to add further protections for our customers’ data and overhauling our internal practices to meet the audit requirements. It took months of focused effort for us to accomplish.
The Benefit of SOC 2 to Our Customers
Too often, customers of any service provider have to take as an article of faith their vendor’s ability to protect their data. With SOC 2 compliance, our customers can rest easier knowing that we have met the gold standard for demonstrating data security. (Yes, I know, breaches happen in organizations that pass audits, don’t come @ me!)
The SOC 2 report provides the documentation to our customers and partners that we have implemented rigorous controls and processes to ensure the security and availability of confidential data.
Crossing the Finish Line
I have to admit, receiving the audit reports felt like we had finally crossed the finish line in a marathon after we’d been training for months and months, validating all the hard work and focus that our engineering team put in.
This SOC 2 journey has been more than meeting minimum requirements – it’s about demonstrating to our customers that we will do whatever it takes to protect their data and that we are worthy of their trust.