Mortgage Professional America has a great article on its website explaining why a SOC 2 attestation is a big deal.
In short: A Service Organization Control (SOC) 2 Type II attestation means a company has been audited on its security controls for storing customer data on the cloud. SOC 2 requires controls to be managed and tested on a daily, weekly, monthly, quarterly and annual basis by a vendor’s internal team.
The audits occur annually.
The SOC 2 attestation is one of the hardest information security certifications to get. Not only does it require audits and continuous reviews of operations, SOC 2 Type II certification also isn’t cheap.
As the MPA article says, “Who in their right mind would willingly subject themselves to this expensive and never-ending agony? The answer – vendors serious about earning and keeping your business, understanding that you cannot afford to be that next news headline.”
Also, working with a SOC 2 vendor could save you substantial vendor due diligence and annual re-certification expenses. In all likelihood, anyone auditing you will be thrilled to know you are doing business with SOC 2 Type II suppliers, the article says.
So that is why we proudly display the SOC 2 Type II logo on our website. We go through the audit every year, because we are committed to achieving the top standards for IT Security for our clients. If you’re working with an IT vendor who isn’t committed to being SOC 2 certified, contact us!