At Jones IT, we put concerted efforts into creating a cybersecurity culture, and as a testament to our commitment to privacy and security, we have achieved and maintain SOC 2 compliance. You can request a copy of our SOC 2 report using the button below:

We are also proud to be among an illustrious group of security-minded organizations at the SafeBase Trust Alliance.

Our commitment to security is also complemented by our belief in transparency. You can get a comprehensive view of our privacy and security posture by visiting Jones IT's Trust Center.

With Jones IT, rest assured that your security is in good hands.

How Jones IT Helps You With SOC 2 Compliance?

Drawing upon our own SOC 2 experience as well as those of our clients, we help you create and maintain your IT systems, policies, and processes necessary for achieving and maintaining SOC 2 compliance.

Here’s a list of activities we can help you with:

  1. Conduct Initial Discovery & Weekly Meetings with the compliance team

  2. Automate your compliance journey with an industry-leading GRC platform

  3. Deploy, manage & administer SOC 2 required applications

  4. Provide security training to your staff

  5. Implement access management

  6. Implement vendor management

  7. Implement asset management

  8. Implement risk management

  9. Implement policy management

  10. Liaison with top industry audit firm

  11. Conduct evidence collection & remediation during the audit process

  12. Help you meet all of your promised SLAs

  13. Compliance Maintenance & Continued Reviews

 
 

Get in touch with our Security & Compliance Experts

Read Our Privacy Policy, and Terms

For more details of our SOC 2 compliance support chec out our brochure:

 

What Our Customers Say About Us

What Is SOC 2?

System and Organizational Control 2 (SOC 2) is an auditing procedure designed to ensure that third-party service providers are securely managing data to protect the privacy and the interests of their clients.

SOC 2 is based on the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria) and it focuses on system-level controls of the organization.

SOC 2 compliance plays an important role in demonstrating your company’s commitment to securing customers’ data by illustrating how your vendor management programs, regulatory oversight, internal governance, and risk management policies and practices meet the security, availability, processing integrity, confidentiality, and/or privacy controls criteria.

Who Must Comply With SOC 2?

SOC 2 applies to those service organizations that store customer data in the cloud. This means that most companies that provide SaaS are required to comply with SOC 2 since they invariably store their client’s data in the cloud.

SOC 2 was developed primarily to prevent misuse, whether intentionally or inadvertently, of the data sent to service organizations. Therefore, companies use this compliance to assure their business partners and service organizations that proper security procedures are in place to safeguard their data.

SOC 2 Type 1 vs SOC 2 Type 2

SOC 2 Type 1 and SOC 2 Type 2 reports are similar as they both report on the non-financial reporting controls and processes at an organization as they relate to the TSC. But they have one key difference.

SOC 2 Type I report is a verification of the controls at an organization at a specific point in time, while a SOC 2 Type II report is a verification of controls at a service organization over a period of time (usually a year but can be as short as 3 months).

The Type 1 report demonstrates whether the description of the controls as provided by the management of the organization is appropriately designed and implemented. The Type 2 report, in addition to the attestations of the Type 1 report, also attests to the operating effectiveness of those controls.

In other words, SOC 2 Type 1 describes your controls and attests to their adequacy while the type 2 report attests that you are actually implementing the controls you say you have. That’s why, for the type 2 audit, you need extra evidence to prove that you’re actually enforcing your policies.

If you are engaging in a SOC 2 certification audit for the first time, you would ideally begin with a Type 1 audit, then move on to a Type 2 audit in the following period. This gives you a good foundation and sufficient time to focus on the descriptions of your systems.

What Are The Basic Requirements For SOC 2 Compliance?

The most basic requirement of SOC 2 is that your business needs to establish formal security policies and procedures that are followed by everyone in the company. These policies and procedures will serve as guides for the auditors who will review them during the SOC 2 Compliance audits.

To become SOC 2 certified you will need to establish processes and practices that guarantee oversight across your organization. Your policies and procedures need to cover the security, availability, processing integrity, confidentiality, and privacy of data stored in the cloud.

Preparation For SOC 2 Compliance

Readiness Assessment

Before you embark on a big project such as SOC 2 Compliance Audit, it is ideal to evaluate the preparedness of your company. Jones IT will conduct a readiness assessment that will help you identify areas that are deficient and the remedies required. This will help you plan and prepare so that you can accomplish the project goals effectively.

Monitoring

SOC 2 requires you to have, usually at the system level,  the ability to monitor for any unusual, unauthorized, or suspicious activity. To achieve this, Jones IT will help establish systems to monitor for both - known (phishing, unauthorized access, etc.) as well as unknown (zero-day threat, etc.) malicious activities. In order to make the abnormal activities stand out, we will also help you establish a baseline of normal activity in your cloud environment.

Alerts

SOC 2 compliance requires you to set up alerts flagging unauthorized access, file transfer, modification, etc. Timely alerts help you to respond and take remedial measures quickly. Also, it is important to flag only those incidents that stray from the established baseline activity. This way you aren’t inundated with false alerts.

In-house Audits

Regular internal audits give you insight into the efficacy of your operations, data security, and compliance preparedness. Maintaining detailed audit trails not only helps you tighten your data security but also aids you in meeting SOC 2 compliance requirements. Jones IT will help you create SOC 2 compliance checklist for your IT-related compliance areas.

Featured Blogs:
Common IT Security Standards, Regulations, And Frameworks
Common IT Security Standards, Regulations, And Frameworks
How Does Being Fully Remote Impact SOC 2 Compliance?
How Does Being Fully Remote Impact SOC 2 Compliance?
Challenges Of Growing A Business And How To Overcome Them
Challenges Of Growing A Business And How To Overcome Them
PCI Compliance Guide For Small Businesses
PCI Compliance Guide For Small Businesses
What Is The ISO/IEC 27001 Information Security Management Standard
What Is The ISO/IEC 27001 Information Security Management Standard
Is SOC2 Compliance Right For Your Organization? And How To Start?
Is SOC2 Compliance Right For Your Organization? And How To Start?
What To Do If Your Organization Needs To Be HIPAA Compliant
What To Do If Your Organization Needs To Be HIPAA Compliant
What Is The NIST Cybersecurity Framework And How To Get Started
What Is The NIST Cybersecurity Framework And How To Get Started
How To Perform A Cybersecurity Risk Assessment
How To Perform A Cybersecurity Risk Assessment
What Is HIPAA And How To Become HIPAA Compliant
What Is HIPAA And How To Become HIPAA Compliant