SOC Compliance Still the Best Around
Here’s a not-so-fictional scenario: You sign up for a cloud service, one that is going to help transform your digital journey, connect you closer to your customers and streamline business processes. The ROI is impressive. Everyone on your team has signed off on this.
Your proof of concept (POC) goes swimmingly. This vendor ticks all the boxes and you’re sailing toward a smooth digital future with this cloud solution. Then your security architect asks: “How can we trust that this vendor is following industry-standard security and operations procedures?”
Good question, how can you? After all, most vendors won’t allow a deep inspection of their cloud infrastructure so that you can validate the encryption, segregation of duties, application security, and generally good IT hygiene. Cloud SaaS vendors have too many priorities — such as making service improvements — to effectively entertain hundreds or thousands of customer inquiries, many of them covering the same ground.
Fortunately, there are industry-standard solutions to this challenge.
What Is SOC 2?
The Service Organization Control (SOC) is an auditing procedure developed by the American Institute of CPAs (AICPA). Though this is an American-invented audit procedure, it is recognized the world over as one of the best ways to validate how your cloud SaaS vendor is handling their (your) data. SOC 2 defines criteria for managing customer data based on five “trust service principles”: security, availability, processing integrity, confidentiality, and privacy. There are two types of SOC reports:
- Type I describes a vendor’s systems and whether their design is suitable to meet the relevant trust principles
- Type II details the operational effectiveness of those systems