Your Products and Services
If you provide a product or a service to a customer through a system that involves the collection, use, processing, transmission, or storage of non-public personal information (NPPI), it will only be a matter of time before your customers ask you for a SOC 2 examination and report. A system is defined as the infrastructure, software, people, processes, data, and procedures used to provide a product or service. Non-public personal information is any data or information considered to be personal in nature and not subject to public availability. You should also understand that if you partner with another organization that is responsible for the collection, processing, transmission, or storage of NPPI, you are still responsible and may require SOC 2 certification.
Regulations and Compliance Requirements
The security and privacy of your customers' information can also be subject to other regulations and compliance requirements. We provide SOC for Cybersecurity and SOC 2 Plus+ examinations that incorporate additional security and privacy requirements defined by NIST's Cybersecurity Framework, HIPAA/HITECH, the Cloud Security Alliance's Cloud Controls Matrix (CCM), or ISO 27001, to name a few.