We are now certified as a SOC 2 service organization as defined by the American Institute of Certified Public Accountants (AICPA).
What is SOC 2?
System and Organization Controls 2 requires companies to establish and follow strict information security policies and procedures by encompassing security, availability, processing, integrity, and confidentiality of client data. SOC 2 audits are conducted through an independent auditor to assure a business’ process, information technology, and risk management controls are properly designed.
A SOC 2 certification provides additional assurance for our clients. We are proud to adhere to one of the most stringent, industry-accepted auditing standards for technology companies!
The independent audit was conducted by Crowe LLP, one of the largest independent accounting and business consulting firms in the United States. This organization validated our software’s stringent security and governance controls.
Which Processes Get Reviewed in a SOC 2 Audit?
The official SOC 2 audit report provides a thorough review of processes relating to risk management, including:
- Internal Controls
- Access Management Policies
- Subservice (vendor) Due Diligence
- IT Infrastructure
- Software Development Lifecycle
- Change Management Procedures
- Logical Security
- Network Security
- Physical & Environmental Security
- Computer Operations
- Business Continuity and Disaster Recovery Plans
- Acceptable Use Policies
- Corporate Ethics
- Top-Level Security for Public Records Management
Successfully earning a SOC 2 Type 2 certification is a reflection of our commitment to ensuring our clients’ data is protected by the highest standards of data security, governance, and privacy. This achievement, along with our FedRAMP authorized infrastructure on Microsoft Azure Government Cloud, means our clients can trust that we offer the industry’s most secure managed cloud offering.
Donny Barstow, President & CEO, MCCi