AICPA defines the Security Trust Services Criteria as ensuring: Information and systems are protected against (1) unauthorized access, (2) unauthorized disclosure of information, and (3) damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives.
This is the only criteria that is required in any SOC 2 audit. Security is known as a “common criteria,” because all Trust Services Criteria share the same core evaluation elements associated with Security.
Net Friends uses the ISO 27001 cybersecurity framework to establish our control baseline that we’re measured against in our audit. Our Information Security Policy and Procedures are all rigorously mapped to the standards defined in these management system documents. Additionally, this underpins our risk-based security controls and ensures we’ve covered all our bases and have mitigated problems with appropriate resources and prioritization.
All physical and logical components of the Net Friends business are within the scope of the SOC 2 Type II audit. Our customers can be assured that our team of experts has put in the work to design, implement, manage, and maintain adequate and appropriate security controls to keep their data secure and protected.
AICPA defines the Availability Trust Services Criteria as ensuring: Information and systems are available for operation and use to meet the entity’s objectives. Nearly all organizations include this optional criteria in their SOC 2 audit.
Because Net Friends is a service organization that provides critical IT management and IT support functions, we must maintain a high level of availability for our customers. We present all our customers with our Service Level Agreement and have put significant resources towards maintaining our availability standards. We also rigorously review the availability standards of our vendors and critical suppliers.
We understand that our customer’s business continuity relies on Net Friends to maintain our business continuity. We can assure our customers that availability is a top priority for us, and can demonstrate that we have invested heavily in bolstering and maintaining our high level of service availability through our SOC 2 Type II audit.
AICPA defines the Confidentiality Trust Services Criteria as ensuring: Information designated as confidential is protected to meet the entity’s objectives. The majority of SOC 2 audit reports for mature companies will include this optional criteria.
Because Net Friends interacts with Intellectual Property, business plans, and other forms of highly confidential information, we felt it was important to include the optional Confidentiality Trust Services Criteria. Our customers can be assured that we know how to identify, maintain, and effectively dispose of confidential information on their behalf.
If it's important for your organization to partner with a secure and compliant IT provider (which should be true for everyone!), contact Net Friends today!