Apsona is now SOC 2 compliant


As companies store, process, and transmit sensitive information, the need for robust controls and safeguards around data becomes paramount. Apsona has always been very cognizant of data privacy and security. Our apps are architected to minimize or eliminate data storage, and we work to be transparent about any data that needs to be accessed, as discussed on our Security page.

However, in November 2022, our management team saw how critical it was to have certification of these processes for our customers. We wanted to ensure that we were compliant with the strictest regulations, and therefore put together a team to pursue SOC 2 certification. SOC 2, short for Service Organization Control 2, is a recognized standard designed to assess and assure the security, availability, processing integrity, confidentiality, and privacy of customer data within service organizations.

As our team worked with independent auditors who carefully examined our internal procedures, we were glad to see that we already followed many processes that made us easily SOC 2 compliant. This hugely validated our internal practices and our technical architecture, and we were able to complete our entire SOC 2 certification process in less than four months!

What is SOC 2 Certification?

Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that evaluates a service organization's controls regarding data protection and operational practices. SOC 2 compliance is particularly relevant for businesses that provide cloud-based services, Software as a Service (SaaS), data centers, managed service providers, and other technology-related service offerings.

The SOC 2 audit assesses the company's information systems, policies, procedures, and activities against predefined criteria. These criteria are based on five Trust Services Criteria (TSC), which include:

  1. Security: The system is protected against unauthorized access, both physical and logical.

  2. Availability: The system is available for operation and use as agreed upon.

  3. Processing Integrity: System processing is complete, accurate, timely, and authorized.

  4. Confidentiality: Information designated as confidential is protected as agreed upon.

  5. Privacy: Personal information is collected, used, retained, disclosed, and disposed of appropriately.

How SOC 2 helps our customers and partners

  1. Ensuring Data Security and Trust: Your data security and confidentiality are of utmost importance to us. Our SOC 2 compliance ensures your data's security by adhering to strict protocols, so you know that your sensitive information is safeguarded against breaches.

  2. Simplified Compliance: Navigating the ever-evolving landscape of industry regulations can be daunting. We simplify your compliance efforts by demonstrating our adherence to industry standards through SOC 2 reports, allowing you to focus on your objectives.

  3. Mitigating Risks and Enhancing Reliability: SOC 2 insights showcase our proactive risk mitigation to ensure the reliability of our services. You can rest assured that disruptions to your operations will be minimized, and the integrity of your data will be upheld even in the face of unforeseen challenges.

  4. Informed Decision-Making: We recognize that choosing the right technology partner is a critical decision. Our SOC 2 reports provide transparency into our security practices, enabling you to confidently engage with us.

  5. Efficient Collaboration and Trust Building: SOC 2 reports not only showcase our technical capabilities but also exemplify our commitment to transparency and trust. Our SOC 2 compliance streamlines due diligence, relying on independent audit findings, allowing you to focus on collaborative goals within a trusted partnership.

Conclusion

Maintaining the highest levels of security and data protection is vital for Apsona and our customers. SOC 2 certification provides an objective assessment of our controls related to data security, availability, processing integrity, confidentiality, and privacy. By undergoing the rigorous SOC 2 audit process, we hope that our clients can gain peace of mind, knowing that their valuable data is in the hands of a trusted and secure service provider. If your leadership team has any questions about our security and compliance, or you’d like to see our SOC 2 report, please feel free to contact us.
