As businesses increasingly rely on cloud-based services and third-party vendors to manage critical data and systems, the need for reliable and secure information-handling practices has never been greater.
At Herrmann, we strive for the utmost integrity in handling end-user data. We proudly announce our SOC 2 Type 2 certification, reflecting our commitment to secure customer data with complete confidentiality and privacy standards. This certification verifies that the Herrmann technology platform meets rigorous standards for data security, availability, processing integrity, and the assurance of personal information rights. We have worked hard over these last 40 years to guarantee that Thinkers worldwide can rely on us to protect their data.
What is SOC 2 Type 2?
SOC 2 (Service Organization Control 2) is a set of criteria developed by the American Institute of Certified Public Accountants (AICPA) to help organizations demonstrate adequate controls for managing and securing customer data. It involves an independent, certified auditor assessing the controls in place over a period of up to one year. The report includes a detailed overview and description of those controls and the auditor's evaluation of their effectiveness.
Why is SOC 2 Type 2 important?
In today's world, data breaches are common, leaving businesses of all sizes vulnerable. A SOC 2 Type 2 report assures customers and stakeholders that an organization has taken steps to mitigate the risk of a data breach or other security incident. It also demonstrates that the organization has implemented effective information security practices that are regularly monitored and audited by a third party.
How is SOC 2 Type 2 different from SOC 2 Type 1?
A SOC 2 Type 1 report attests to the suitability of an organization's controls as they exist at the time of the audit. In contrast, a Type 2 report includes an opinion on the operating effectiveness of those controls over the audit period. SOC 2 Type 1 reports provide customers with initial assurance, whereas SOC 2 Type 2 reports provide ongoing assurance that an organization's controls have operated effectively over a period of time.
How can an organization become SOC 2 Type 2 compliant?
Becoming SOC 2 Type 2 compliant typically involves a thorough review of an organization's information security policies, procedures, and controls and regular monitoring and testing of those controls.
To become compliant, an independent auditor would be involved in reviewing the following practices and policies:
Infrastructure - the physical and hardware elements of a system
Software - the programs and operating software of a system
Personnel - the people relevant to the operation of a system
It is a complex process that requires organizations to identify the security criteria and controls that apply to their business. The process typically involves identifying the risks associated with data security, assessing the current security state, and then implementing the necessary controls to meet compliance standards. By taking these steps, organizations can keep their customer data secure and protected.
“Looking forward, we will continue to prioritize our Thinkers’ data privacy,” says Herrmann's CEO Karim Nehdi. “The importance of trust in today’s world cannot be overstated. We help Thinkers build trust in one another, their teams, and their organization, and our strong voice on data privacy helps reinforce that trust.”