PulseData is dedicated to ensuring the privacy, confidentiality, and availability of the data entrusted to us by our customers. In this dedication we pursue ever-higher standards of security with newer systems, technologies, and practices with regard to data security. Today we are pleased to announce that PulseData has earned our SOC2 Type II compliance report.
SOC stands for System and Organizational Controls and is a framework developed by the American Institute of Certified Public Accountants (AICPA) to provide regular, independent attestation and verification of the controls that a company has implemented to mitigate information-related and data-related risk.
SOC2 reports have two versions: Type I and Type II.
Type I captures the protections and controls of a business at a single point in time, allowing for verification of policies and systems.
Type II tracks and monitors these protections and controls of a business over a period of time, which verifies not only the policies and systems but also that they are used according to policy during day-to-day activities.
Achieving our SOC2 Type II compliance means that we are following through on our dedication to continue to safeguard our clients’ data, as well as our own data.
The SOC2 report is the standard-bearer for cybersecurity attestation. A SOC2-compliant business is awarded a badge when a third-party auditor verifies that they implement proper physical, technical, and administrative protections to secure their infrastructure and information.
With our auditor’s attestation of our SOC2 Type II compliance, we display the AICPA SOC badge on our website, proud to have earned this badge reflecting our commitment to our clients and our understanding of the importance of ensuring safety and security in data storage and management.
In a SOC 2 Type II audit, the business books an examination of the policies, procedures, and systems they have in place to protect information across five distinct categories referred to as “Trust Services Criteria.”
The auditor requests evidence submissions from certain days and times over the course of the audit period (minimum three months) and then reviews this evidence to determine whether or not the business has satisfied the criteria.
Security: Controls that protect against unauthorized access or damage to systems as well as unauthorized disclosure of confidential or proprietary information. Examples of these criteria include endpoint protection and network monitoring.
Availability: Controls that ensure systems operations and availability at a level that meets stated business objectives. Examples of these criteria include performance monitoring and disaster recovery solutions and policies.
Processing Integrity: Controls that ensure systems perform in a predictable, efficient, and error-free manner. Examples of these criteria include software development lifecycle management and quality assurance procedures.
Confidentiality: Controls that protect confidential information throughout its lifecycle from initial ingestion to processing and finally to disposal. Examples of these criteria include encryption policies and identity and access management solutions.
Privacy: Controls specific to protecting personal information, especially that which is captured and collected from customers or clients. Examples of these criteria include privacy policies and client consent management.