Blog

In a previous blog post, we introduced SOC 2 compliance and its Five Trust Services Criteria (formerly "Principles").

In this article, we'll explain how Streamworks' SOC 2 Type 2 compliance can benefit your business. Here's a quick recap of what SOC 2 compliance is all about.

What is SOC 2?

The AICPA (American Institute of Certified Public Accountants) designed and introduced the SOC series of audits and reports. SOC stands for "System and Organization Controls." It reports on the controls service organizations use to protect, process, and store client data.

There are three SOC reports, but the SOC 2 report focuses on the security design and operating effectiveness of a service organization's policies, procedures, and controls.

The Trust Services Criteria 

SOC 2's Five Trust Services Criteria guide how service organizations should handle sensitive client data.

The Five Trust Services Criteria are:

1. Security - addresses systems and data protection against unauthorized physical and logical access. Security is the only required criteria, also called the "common criteria."
2. Availability - addresses how systems and data are accessible as agreed upon in the service organization's service level agreements and objectives.
3. Processing Integrity - addresses how system processing is complete, valid, accurate, timely, and authorized.
4. Confidentiality - addresses how confidential information is protected.
5. Privacy - addresses how personal information is collected, used, retained, disclosed, and destroyed per commitments in the privacy notice.

Type 1 vs. Type 2 Report

Besides the Five Trust Services Criteria, SOC 2 has both a Type 1 and Type 2 report. 

What's the difference?

In simple terms, the Type 1 report examines if systems are suitably designed at a specific single moment in time.

Contrast that to the Type 2 report which examines if systems are operating as designed over some time, typically six months or more.

Type 2 is a more rigorous audit as it measures operating effectiveness, or how well the systems work in real-world, real-time practice.

Streamworks has chosen the more comprehensive and demanding Type 2 compliance report, so our clients see our systems operate effectively and securely over the long term.

SOC 2 Benefits 

It's all well and good that we've invested in our security operations, methods, and framework. The real question is, what are the benefits to your company? 

Here are three:

We've done the auditing for you, so you'll save time and money 

Most companies don't have the time, money, or full security team to audit a critical vendor. Work must move forward, and to get the job done, you sometimes have to share sensitive data.

How do you know your service providers are doing all they can to protect that data?

That's where the SOC 2 Type 2 report comes in.

Streamworks has invested heavily in our security program. How? Audited against stringent security standards, we provide security awareness training for all employees. Also, we develop and maintain administrative, technical, and physical security controls to protect your data.

Through our annual SOC 2 Type 2 audit (which is always performed by independent, unbiased, third-party auditors), we show our commitment to security and the protection of your data. 

Confidence that our systems are suitably and securely designed 

We had two things in mind when we designed our secure systems: to protect your data and to keep your business moving forward.

With our SOC2 Type 2 report, we've proven our systems are built to exceed both of those goals and more. From our Business Continuity Planning to our off-site backups, to our intelligent inserting, and everything in-between, we designed our systems to protect, store, and process your data securely.

Confidence that our systems are securely operating as designed

Finally, it's one thing to design a system that securely handles your data: it's another to prove the system performs over the long term.

In SOC 2 terminology, this is "operating effectiveness." It means you can have peace of mind knowing our controls are in place to work every time, all the time.

Our production and security protocols ensure the confidentiality and integrity of your data are always maintained. 

Our SOC 2 Type 2 compliance report proves it.

Let it give you the confidence it gives us, namely that your data is in good hands with Streamworks, your SOC 2 compliant partner.

Streamworks provides secure marketing services to help move your business towards success. We show this by earning our SOC 2 Type 2 compliance every year, with our continuous security awareness training, process testing, and ongoing strengthening of our security measures.

We're proud to be SOC 2 Type 2 compliant, and we're pleased to bring these benefits to your company.

Wondering how to evaluate secure marketing partners? Download our Secure Marketing Communications Checklist to screen vendors so you can find a trusted marketing partner for your sensitive data.