At Jones IT, we have put concerted effort into creating a cybersecurity culture, and as a testament to our commitment to privacy and security, we have achieved and maintain SOC 2 compliance. You can request a copy of our SOC 2 report.
We are also proud to be among an illustrious group of security-minded organizations at the SafeBase Trust Alliance.
Our commitment to security is also complemented by our belief in transparency. You can get a comprehensive view of our privacy and security posture by visiting Jones IT's Trust Center.
With Jones IT, rest assured that your security is in good hands.
How Jones IT Helps You With SOC 2 Compliance
Drawing upon our own SOC 2 experience as well as that of our clients, we help you create and maintain the IT systems, policies, and processes necessary for achieving and maintaining SOC 2 compliance.
Here’s a list of activities we can help you with:
Conduct Initial Discovery & Weekly Meetings with the compliance team
Automate your compliance journey with an industry-leading GRC platform
Deploy, manage & administer SOC 2 required applications
Provide security training to your staff
Implement access management
Implement vendor management
Implement asset management
Implement risk management
Implement policy management
Liaise with a top industry audit firm
Conduct evidence collection & remediation during the audit process
Help you meet all of your promised SLAs
Compliance Maintenance & Continued Reviews
For more details of our SOC 2 compliance support, check out our brochure:
What Is SOC 2?
System and Organization Controls 2 (SOC 2) is an attestation standard under which an independent CPA firm examines and reports on how a third-party service provider manages customer data, so that the privacy and interests of its clients are protected.
SOC 2 is based on the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria) and it focuses on system-level controls of the organization.
SOC 2 compliance plays an important role in demonstrating your company’s commitment to securing customers’ data by illustrating how your vendor management programs, regulatory oversight, internal governance, and risk management policies and practices meet the security, availability, processing integrity, confidentiality, and/or privacy controls criteria.
Who Must Comply With SOC 2?
SOC 2 is not a legal mandate; it applies to service organizations that store or process customer data, typically in the cloud. In practice, most SaaS companies are expected by their customers to obtain a SOC 2 report, since they invariably hold their clients' data.
SOC 2 was developed primarily to prevent misuse, whether intentional or inadvertent, of the data entrusted to service organizations. Companies therefore use a SOC 2 report to assure their business partners and customers that proper security procedures are in place to safeguard that data.
SOC 2 Type 1 vs SOC 2 Type 2
SOC 2 Type 1 and SOC 2 Type 2 reports are similar in that both report on an organization's non-financial controls and processes as they relate to the TSC. But they have one key difference.
A SOC 2 Type 1 report is a verification of the controls at an organization at a specific point in time, while a SOC 2 Type 2 report is a verification of controls at a service organization over a period of time (usually a year, but it can be as short as 3 months).
The Type 1 report demonstrates whether the description of the controls as provided by the management of the organization is appropriately designed and implemented. The Type 2 report, in addition to the attestations of the Type 1 report, also attests to the operating effectiveness of those controls.
In other words, SOC 2 Type 1 describes your controls and attests to their adequacy while the type 2 report attests that you are actually implementing the controls you say you have. That’s why, for the type 2 audit, you need extra evidence to prove that you’re actually enforcing your policies.
If you are undergoing a SOC 2 audit for the first time, you would ideally begin with a Type 1 audit, then move on to a Type 2 audit in the following period. This gives you a good foundation and sufficient time to focus on the descriptions of your systems before the controls are observed over an extended window.
What Are The Basic Requirements For SOC 2 Compliance?
The most basic requirement of SOC 2 is that your business needs to establish formal security policies and procedures that are followed by everyone in the company. These policies and procedures will serve as guides for the auditors who will review them during the SOC 2 Compliance audits.
To obtain a SOC 2 report you will need to establish processes and practices that guarantee oversight across your organization. The Security criteria (the common criteria) are mandatory for every SOC 2 report; the availability, processing integrity, confidentiality, and privacy criteria are included according to the commitments you make to customers for the systems in scope.
Preparation For SOC 2 Compliance
Readiness Assessment
Before you embark on a big project such as SOC 2 Compliance Audit, it is ideal to evaluate the preparedness of your company. Jones IT will conduct a readiness assessment that will help you identify areas that are deficient and the remedies required. This will help you plan and prepare so that you can accomplish the project goals effectively.
Monitoring
SOC 2 requires you to have, usually at the system level, the ability to monitor for any unusual, unauthorized, or suspicious activity. To achieve this, Jones IT will help establish systems to monitor for both known malicious activity (phishing, unauthorized access, etc.) and unknown malicious activity (zero-day threats, etc.). In order to make abnormal activity stand out, we will also help you establish a baseline of normal activity in your cloud environment.
Alerts
SOC 2 compliance requires you to set up alerts flagging unauthorized access, file transfer, modification, etc. Timely alerts help you to respond and take remedial measures quickly. Also, it is important to flag only those incidents that stray from the established baseline activity. This way you aren’t inundated with false alerts.
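To make the baseline-and-deviation approach described in the Monitoring and Alerts sections concrete, here is an added example in Python. It is not Jones IT's tooling and not code from the original page: it learns a per-user baseline of source addresses, countries and sign-in hours from twenty days of constructed audit-log lines, then flags only new events that stray from that baseline, plus one "known" pattern, a burst of failed logins from a single source. The log format, the documentation-range IP addresses, the user names and the thresholds are all assumptions made for the example.

```python
"""Baseline-and-deviation alerting over constructed sign-in events.

Added example, not Jones IT's tooling. A baseline of normal activity is
learned per user; alerts fire only for events that depart from it, or
for a known-bad pattern (a burst of failed logins from one source).
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# --- Constructed sample data (not real logs) ---------------------------------
# Assumed line format:
#   <ISO timestamp> user=<name> ip=<addr> country=<cc> result=<success|failure>
def _history() -> List[str]:
    """Twenty days of normal activity: alice signs in at 09:05 and 14:05 from
    her office address, bob once a day at 10:30 from his."""
    lines = []
    start = datetime(2024, 3, 1)
    for day in range(20):
        d = start + timedelta(days=day)
        for hour in (9, 14):
            lines.append(f"{d:%Y-%m-%d}T{hour:02d}:05:00Z user=alice ip=203.0.113.10 country=US result=success")
        lines.append(f"{d:%Y-%m-%d}T10:30:00Z user=bob ip=203.0.113.25 country=US result=success")
    return lines

HISTORY = _history()

# New events to evaluate against the learned baseline (also constructed).
NEW_EVENTS = [
    "2024-03-21T09:30:00Z user=alice ip=203.0.113.10 country=US result=success",  # normal, no alert
    "2024-03-21T03:15:00Z user=alice ip=198.51.100.7 country=RO result=success",  # off-hours, new IP and country
    *[f"2024-03-21T11:0{i}:00Z user=bob ip=198.51.100.9 country=US result=failure" for i in range(6)],  # burst
    "2024-03-21T11:20:00Z user=carol ip=203.0.113.40 country=US result=success",  # account never seen before
]

@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    country: str
    result: str

def parse(line: str) -> Event:
    """Parse one key=value audit line into an Event."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, kv["user"], kv["ip"], kv["country"], kv["result"])

@dataclass
class Baseline:
    ips: Set[str] = field(default_factory=set)
    countries: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)

def build_baseline(lines: List[str]) -> Dict[str, Baseline]:
    """Learn, per user, the source addresses, countries and hours of day seen
    in successful sign-ins. Failures are deliberately excluded so that an
    attacker's attempts cannot poison the baseline."""
    base: Dict[str, Baseline] = defaultdict(Baseline)
    for ev in map(parse, lines):
        if ev.result != "success":
            continue
        b = base[ev.user]
        b.ips.add(ev.ip)
        b.countries.add(ev.country)
        b.hours.add(ev.ts.hour)
    return dict(base)

def in_usual_hours(b: Baseline, hour: int) -> bool:
    """Allow one hour of slack either side of the observed sign-in window."""
    return min(b.hours) - 1 <= hour <= max(b.hours) + 1

def detect(baseline: Dict[str, Baseline], lines: List[str],
           burst_threshold: int = 5,
           burst_window: timedelta = timedelta(minutes=10)) -> List[Tuple[str, str, str]]:
    """Return (user, reason, line) for each baseline deviation or failure burst.
    Normal events produce nothing, which keeps the alert volume low."""
    alerts: List[Tuple[str, str, str]] = []
    failures: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev.result == "failure":
            # Known-bad pattern: N failures from one (user, source) inside the window.
            key = (ev.user, ev.ip)
            window = [t for t in failures[key] if ev.ts - t <= burst_window] + [ev.ts]
            failures[key] = window
            if len(window) == burst_threshold:  # fire once, when the threshold is crossed
                alerts.append((ev.user, "failed_login_burst", line))
            continue
        b = baseline.get(ev.user)
        if b is None:
            alerts.append((ev.user, "no_baseline", line))
            continue
        if ev.ip not in b.ips:
            alerts.append((ev.user, "new_source_ip", line))
        if ev.country not in b.countries:
            alerts.append((ev.user, "new_country", line))
        if not in_usual_hours(b, ev.ts.hour):
            alerts.append((ev.user, "off_hours", line))
    return alerts

def run_example() -> List[Tuple[str, str, str]]:
    """Build the baseline from HISTORY and evaluate NEW_EVENTS against it."""
    return detect(build_baseline(HISTORY), NEW_EVENTS)

if __name__ == "__main__":
    for user, reason, line in run_example():
        print(f"{reason:20s} {user:6s} {line}")
```

The point of the example is the separation of concerns: the baseline is learned only from successful sign-ins, the routine 09:30 event for alice produces no alert at all, and the five alerts that do fire each name the specific deviation (new source address, new country, off-hours, unknown account, failure burst) so that an analyst can triage them and the evidence trail shows what was flagged and why.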
In-house Audits
Regular internal audits give you insight into the efficacy of your operations, data security, and compliance preparedness. Maintaining detailed audit trails not only helps you tighten your data security but also aids you in meeting SOC 2 compliance requirements. Jones IT will help you create a SOC 2 compliance checklist for your IT-related compliance areas.