After a rigorous evaluation and third party auditing process, 24G is excited to announce that we have received our SOC 2 Type II certification. SOC 2 Type II is the most comprehensive system and certification within the Systems and Organization Controls protocol, and while 24G has always placed an emphasis on top-level security, this new certification level demonstrates our ongoing commitment to provide the highest level of security assurance.
What is SOC 2 Type 2 Compliance?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for evaluating how well a company manages customer data and ensuring a set of security controls are in place.
The System and Organization Controls or “SOC” 2 Report addresses an organization’s controls against the AICPA’s Trust Services Criteria. The SOC 2 Type II Report focuses on management’s description of a service organization system and the suitability of the design and operating effectiveness of controls.
The 24G Road to SOC2 Certification
At the onset of the pandemic, 24G developed an exciting new virtual event software called VXP to support our client’s urgent need for robust and engaging online meetings and event solutions. We were immediately inundated with interest. However, with that interest came requests from major corporation’s IT departments asking for our security controls and policies, and more specifically, SOC 2 certification. Security has always been one of our core tenants at 24G, so in the latter portion of 2020, we began the process of certification.
The first step was to contract a third party auditor. The next few months revolved around the Readiness phase. Our auditor interviewed us, looked at our controls and policies, then created a report to see how ready we were for SOC 2. Thankfully, we already had many of the required security tenants in place to help us toward our goal.
We then took the next 3-4 months to write our policies, train our staff, put our controls in place, automate, and last but not least, document it all. The subsequent 3 months were for the audit period.
To earn SOC2 Level II Certification, 24G had to clearly demonstrate the following to our auditors:
Security: Our systems are secure against unauthorized access internally and externally.
Availability: Not only are our systems available per our SLAs, they are also backed up, with failovers in place, and disaster recovery plans ready and tested.
Processes, Controls, Policies: All are in place and followed not only for this initial audit period, but for all future uses in order to maintain our security posture .
Confidentiality: Data that clients and users provide us have controls, encryption, and firewalls in place to limit access and avoid all data leaks.
Privacy: We effectively and safely collect, retain, use, disclose and dispose of our client’s and user’s personal information.
A Commitment to our Client’s Data Security
After this detailed audit and analysis, 24G proudly announces our SOC 2 Type II certification! 24G now emerges more secure (and with an exciting badge addition to our website), with a client base that will reap the benefits of our commitment to information security, knowing their data is safe now, and in the future.