SOC 2 Compliance

Service Organization Control (SOC) is a set of standards to create, maintain, prove, and even enhance the way a vendor manages data – both on-premises and in cloud environments.

Originally established by the American Institute of Certified Public Accountants (AICPA), SOC 2 defines how organizations handle sensitive data, such as financial information and medical records. The SOC 2 Type II certification requires to undergo an independent audit by a qualified third-party auditor. The auditor then certifies that the vendor meets all applicable requirements in one or more of the following trust principles:

• Security

• Availability

• Processing Integrity

• Confidentiality

• Privacy

What it Takes to Become SOC 2 Compliant

Our Speech Analytics Solution is SOC 2 Type II compliant, it takes more than just having the right technology in place it needs to have strict processes as well. It’s an assurance that a vendor has implemented the proper controls to protect the confidentiality, availability, and integrity of your data.

The SOC 2 audit evaluates all aspects of service delivery. It also evaluates whether data is collected under consent and whether data is properly secured from unauthorized access and modification. This means that your data is safe and will not be shared with anyone else without your consent first.

Here is a glimpse of what the process looks like:

• First, a team of auditors will thoroughly review the system documentation, including policies and procedures, as well as all aspects of the service delivery model.

• Then they will conduct interviews with key personnel in the organization to verify that the processes and procedures are being followed properly.

• Finally, they will conduct a physical on-site inspection of the facilities, examining hardware and software configuration along with all related network infrastructure.

The end result, it verifies that the service has implemented appropriate security measures in accordance with industry best practices.