Awardco Security Certification - SOC 2 Type 2 Follow
Awardco's most important concern is the protection and reliability of customer data. Robust security policies are the backbone of operational policy at Awardco and we received certification to prove it.
What is SOC 2?
The SOC 2 certification was developed by the American Institute of CPAs (AICPA) and outlines base criteria for securely managing client data based on five Trust Factors critical to data processing and storage. Adherence to this criteria is assessed by third party auditors and outlines the extent to which an organization complies with each of the five Trust Factors listed below.
- Security - The protection of system resources against unauthorized access. This factor addresses an organization's network/application firewalls, two-factor authentication, and intrusion detection policies.
- Availability - The accessibility of the system and services as outlined by contract or service level agreement. This factor ensures service availability meets or exceeds the minimum acceptable performance level for the system and examines the vendor's performance monitoring systems, disaster recovery processes, and security incident handling processes.
- Processing integrity - Assessment of the accuracy, timeliness, validity, completeness, and authorization of data processing systems. In essence, assuring the right data is delivered at the right time, to the right place. This factor does not include quality assurance elements as it only examines the function of data processing.
- Confidentiality - Successfully restricting access and disclosure to specific persons or organizations. This factor assesses encryption, access controls, and network/application firewalls.
- Privacy - Privacy examines whether the collection, use, retention, disclosure, and disposal of personal information is in alignment with the privacy notice governing these components of privacy. This factor assesses access control, two-factor authentication, and encryption elements.
The Awardco SOC 2 Type 2 report dives into Awardco's systems and processes and certifies that their design is suitable to meet the trust principles listed above. The SOC 2 Type 2 report on Awardco security processes is available to prospective clients through the RFP process and to all current clients upon request. To request this document, please contact your Awardco point of contact.
Why does SOC 2 matter?
This assessment examines security elements unique to this service type and requires companies to establish and follow strict procedures encompassing the five Trust Factors discussed above. It's one thing for a company to say they have security policies in place, it's another to review a report that examines the veracity of these claims.
Through obtaining SOC 2 certification, we have made our security practices available for review by our clients, as certified by third party auditors.
What does it mean for me as a client of Awardco?
SOC 2 Type 2 compliance and certification demonstrate that Awardco rigorously protects our clients by enforcing the highest standards of security in managing and protecting our client data. Regular third-party audits maintain this certification and guarantee that Awardco will maintain these high standards year after year.
In short, SOC 2 allows you to rest assured that Awardco closely adheres to the highest industry standards of data security, developed to keep your organization's employee data safe.
If you feel this article left your questions unanswered, please contact your account manager so we can better assist you.