Security at Net Friends

Strong partnerships are built on trust. We earn your trust with our commitment to compliance. Net Friends is a SOC 2 Type II compliant IT provider.

"It is our duty to provide customers with a non-biased, third party confirmation of our information security practices." — John Snyder, Net Friends CEO

SOC 2 Type II compliance is the gold standard. This audit certification validates that Net Friends is the expert technology advisor that your business needs.

Why SOC 2 Type II Compliance?

We voluntarily engage in a SOC 2 Type II audit each year because it's best practice. We prioritize this audit because it's the right thing to do. With a non-biased auditor, Net Friends is held accountable to strictly adhering to the best practice of our information technology framework and controls.

A third-party auditor challenges us to maintain rigorous records of how we adhere to our policies and procedures every day, all year long. Our auditor ensures we continue to evolve and adapt our controls to protect against emergent threats with tactical playbooks and novel techniques. They also critique and confirm the overall design of our controls. You deserve an IT support company that is both continuously improving and constantly held accountable to the highest standards.

Annual SOC 2 Commitment

Since 2019, our SOC 2 Type II audits have been performed annually by KirkpatrickPrice. The auditor validates the (1) security, (2) availability, and (3) confidentiality of our internal systems and controls, as stipulated by the AICPA's Trust Services Criteria.

Our annual SOC 2 report is typically issued by April of each year. We're happy to make this report available upon request to our existing and prospective customers.

This continuous audit engagement (as opposed to a single point-in-time audit) is a stronger indicator of our IT excellence and commitment to remain vigilant and in top form. Read the announcement for our latest attestation:

Learn More
Certificate of Audit Graphic


Securing Internal Systems & Controls

AICPA defines the Security Trust Services Criteria as ensuring: Information and systems are protected against (1) unauthorized access, (2) unauthorized disclosure of information, and (3) damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives.

This is the only criteria that is required in any SOC 2 audit. Security is known as a “common criteria,” because all Trust Services Criteria share the same core evaluation elements associated with Security.

Net Friends uses the ISO 27001 cybersecurity framework to establish our control baseline that we’re measured against in our audit. Our Information Security Policy and Procedures are all rigorously mapped to the standards defined in these management system documents. Additionally, this underpins our risk-based security controls and ensures we’ve covered all our bases and have mitigated problems with appropriate resources and prioritization.

All physical and logical components of the Net Friends business are within the scope of the SOC 2 Type II audit. Our customers can be assured that our team of experts has put in the work to design, implement, manage, and maintain adequate and appropriate security controls to keep their data secure and protected.



Ensuring High Availability for IT Support

AICPA defines the Availability Trust Services Criteria as ensuring: Information and systems are available for operation and use to meet the entity’s objectives. Nearly all organizations include this optional criteria in their SOC 2 audit.

Because Net Friends is a service organization that provides critical IT management and IT support functions, we must maintain a high level of availability for our customers. We present all our customers with our Service Level Agreement and have put significant resources towards maintaining our availability standards. We also rigorously review the availability standards of our vendors and critical suppliers.

We understand that our customer’s business continuity relies on Net Friends to maintain our business continuity. We can assure our customers that availability is a top priority for us, and can demonstrate that we have invested heavily in bolstering and maintaining our high level of service availability through our SOC 2 Type II audit.



Protecting Confidential Information

AICPA defines the Confidentiality Trust Services Criteria as ensuring: Information designated as confidential is protected to meet the entity’s objectives. The majority of SOC 2 audit reports for mature companies will include this optional criteria.

Because Net Friends interacts with Intellectual Property, business plans, and other forms of highly confidential information, we felt it was important to include the optional Confidentiality Trust Services Criteria. Our customers can be assured that we know how to identify, maintain, and effectively dispose of confidential information on their behalf.

If it's important for your organization to partner with a secure and compliant IT provider (which should be true for everyone!), contact Net Friends today!

Our friendly IT Experts are here for you. Contact Us Today!

Searching for a SOC 2 compliant
IT partner you can trust?

Connect With A [Net] Friend
Contact Net Friends