Ntrepid Completes SOC 2 Type 2 Assessment
Ntrepid continually invests in security best practices to ensure that our customers’ data stays safe and secure. This is part of our ongoing effort to mitigate cybersecurity risk. Ntrepid selected an independent, third-party auditor to conduct the SOC 2 Type 2 assessment of our Hosted System. They reviewed numerous information security controls over a three-month time period. We are excited to announce that Ntrepid has successfully completed this assessment. Achieving this accomplishment symbolizes our security commitment to all of our current and future customers.
What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and accessing of data. It can be used by a variety of organizations of any size (e.g., SaaS, colocation, data hosting, etc.). A cybersecurity assessment evaluates specific technical configurations. A SOC 2 report, however, focuses on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based off of the Trust Services Criteria (TSC). This criteria helps to identify various risks (points of focus) an organization should consider addressing. The independent auditor evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage the identified risks effectively based on the TSCs the organization selects.
There are five TSCs. The first criteria, Security, must be included with every SOC 2 report. This is referred to as the “Common Criteria.” The remaining four criteria are optional to include:
- Security (required)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
Ntrepid focused its SOC 2 exam completely on Security. To pass a SOC 2 examination, we had to address controls in areas to include but not limited to information security, access control, vendor management, system backup, business continuity, and disaster relief.
Why does Ntrepid need a SOC 2?
When assessing the adequacy of their cloud service providers, many federal, state, and local law enforcement agencies rely upon the SOC 2 framework. Therefore, having SOC 2 compliance demonstrates to those organizations that we follow rigorous IT security standards. It assures them that we protect the services that they rely upon and properly safeguard their data.
Know your data is safe and secure with Ntrepid
Ntrepid’s SOC 3 report is a high-level summary of the SOC 2 assessment. We can share this report with our current or potential customers upon execution of a non-disclosure agreement. To learn more about our security policies and initiatives, contact Ntrepid.