We’re proud to announce that Cloud Court, Inc. is proven SOC 2 Type II compliant!
What Is SOC 2 Type II, and Why Is It Important?
SOC 2 or Service Organization Controls 2 is a framework that is governed by the American Institute of Certified Public Accountants (AICPA). With a SOC 2 audit, an independent service auditor will review an organization’s policies, procedures, and evidence to determine if their controls are designed and operating effectively. A SOC 2 report communicates a company’s commitment to data security and protection of customer information.
There are two types of SOC 2 reports: Type I describes an organization’s systems and whether the system design complies with the relevant trust principles; Type II details the operational efficiency of these systems over time.
Improving Security Posture
SOC 2 compliance exemplifies an organization’s commitment to their customer’s trust and is a major milestone towards improving their overall security posture. With increasing cybersecurity threats and data breaches, it is paramount that organizations prioritize information security and the protection of their systems and data. By undergoing a SOC 2 audit, our controls and processes were validated by a third party who attests to the functioning of the controls relevant to our application.
Our Commitment to Security in Action
SOC 2 compliance is an integral step in proving to customers, stakeholders, and interested parties that our organization values their trust and effectively uses security controls.
Because of the critical and often-sensitive nature of customer content that we process and the painstaking processes, policies, and company values that we follow to maintain confidentiality and trust, it made sense to build our security model according to a widely-recognized security standard and follow the broad path to achieve better compliance.
Our SOC2 Type II audit was completed March 6, 2024. We intend to audit our security on an annual basis. We believe our customers and partners will appreciate our focus on security and we look forward to building relationships with like-minded companies and firms.
Cloud Court’s Journey to SOC 2 Compliance
Vanta and Advantage Partners
We continued to partner with Vanta, a leader in the Trust Management space, to help us automate the collection of our audit evidence. Our audit firm, Advantage Partners, was again extremely helpful in creating a seamless audit experience.
Process
We leveraged Vanta to integrate our key systems and monitor compliance with our policies and procedures. Advantage Partners confirmed our audit readiness. For the SOC 2 Type II audit, Advantage evaluated our controls and tests. Shortly after our audit window ended, Advantage Partners drafted and issued our report.
Lessons Learned
Security must be hard-coded into the DNA of a company in order for it to work. SOC 2 is much more comprehensive than just a firewall and anti-malware software running on devices. Refreshingly, in contrast to the implementation phase, monitoring security and maintaining compliance agreements can be much simpler. Once the entire organization is engaged in security and conscious of policies and procedures, everyone understands how their everyday activities can contribute to or harm the organization’s security posture. When a compliance item requires action, people understand why it matters and they take timely action.
Interested parties can request access to Cloud Court’s SOC 2 Type II report via email to info@cloudcourtinc.com. A member of our team will follow up with you.