We’re proud to announce that Cloud Court, Inc. has earned SOC2 Type I certification as of October 16, 2023.
What Is SOC2 and Why Is It Important?
SOC2, or Service Organization Controls 2, is a framework governed by the American Institute of Certified Public Accountants (AICPA). With a SOC2 audit, an independent service auditor reviews an organization’s policies, procedures, and evidence to determine if its controls are designed and operating effectively. A SOC2 report communicates a company’s commitment to data security and protection of customer information.
There are two types of SOC2 reports. Type I describes an organization’s systems and whether the system design complies with the relevant trust principles. Type II details the operational efficiency of these systems.
Improving Security Posture
SOC2 compliance exemplifies an organization’s commitment to its customers’ trust and is a major milestone towards improving its overall security posture. With increasing cybersecurity threats and data breaches, it is paramount that organizations prioritize information security and the protection of their systems and data. By undergoing a SOC2 audit, our controls and processes were validated by a third party who attests to the functioning of the controls relevant to our application.
Why We Pursued SOC2 Now
SOC2 compliance is an integral step in proving to customers, stakeholders, and interested parties that our organization values their trust and has effectively implemented security controls. At our current stage, we decided that it was an ideal time to pursue this as it is important to protect data and mitigate potential security risks early and on an ongoing basis.
Over the past few years, Cloud Court has developed several strong relationships with law firms and corporate clients as well as mutually beneficial partnerships. In 2023, we crossed key startup milestones that positioned us for increased investment, growth, and faster development of solutions.
Because of the critical and often-sensitive nature of customer content that we process and the painstaking processes, policies, and company values that we follow to maintain confidentiality and trust, it was an intuitive and simple next step to demonstrate our security posture with an appropriate third-party certification.
Our SOC2 Type I certification is valid as of October 16, 2023, and we are proceeding quickly to initiate a Type II audit. From there, we intend to renew our Type II certification annually. We believe our customers and partners will appreciate our focus on security and we look forward to building relationships with like-minded companies and firms.
Cloud Court’s Journey to SOC2 Compliance
We partnered with Vanta, a leader in the Trust Management space, to help us automate the collection of our audit evidence. Vanta provided us with a strong security foundation to protect our customer data.
Our audit firm, Advantage Partners, was extremely helpful in creating a seamless audit experience. With their guidance and support, we were able to achieve SOC2 compliance in a swift, efficient manner.
While SOC2 can be a big undertaking, our compliance partners streamlined the process. We leveraged Vanta to integrate our key systems and guide us in implementing policies and procedures to quickly become audit ready. Vanta gave us the direction we needed to pursue our compliance journey.
Advantage Partners then confirmed our audit readiness, and we kicked off our Type I audit. For the audit, Advantage evaluated the controls we have in place and opined on their state. Shortly after our audit window ended, Advantage Partners drafted and issued our report.
Improving a company’s security posture and achieving compliance can be a monumental task. It was made much easier with the right compliance partners, although it did take dedicated focus and time from the organization. Getting ready could have taken months, but we were able to accelerate our readiness period to a matter of several weeks. We reviewed the audit timeline with Advantage Partners, set an ideal audit date, and then worked backwards to be ready in time.
Our SOC2 readiness illuminated how security must be hard-coded into the DNA of a company in order for it to work. We quickly realized that even for a startup with a very focused offering, we needed to infuse security best practices into areas beyond information and device security, such as candidate screening and hiring, physical safety and employee conduct, and segregation of duties for better oversight, to name just a few.
Therefore, SOC2 is much more comprehensive than just a firewall and anti-malware software running on devices. But we discovered that our current systems and vendors were mostly perfectly suited to integrate with each other, which streamlined the creation and maintenance of a highly secure environment while allowing for continued growth and evolution of our company and systems.
Some advice we would offer to anyone contemplating SOC2 certification is to find a qualified vendor and audit partner who has experience helping companies at your lifecycle stage. To our surprise, Cloud Court had a head start on the various requirements because our management team consists of people with expertise in law, accounting, and technology, fields whose principles are common to SOC2.
It's not “security theater.” The entire organization must be involved in improving security and adhering to policies and procedures. The SOC2 framework truly elevates a company’s security posture to a higher level with much lower risk. It also improves everyone’s awareness of how their everyday activities can contribute to or harm the organization’s security posture.
It should go without saying that vendor security reviews are highly requested in sales cycles and SOC2 can help unblock that business.
Interested parties can request access to Cloud Court’s SOC2 Type I report via email to email@example.com. A member of our team will follow up with you.