Enhance Data Security and Privacy with SOC 2 Compliance
SOC 2 Compliance Certified
SOC 2 compliance is a commitment to data privacy through data protection. Kiteworks is a SOC compliant business partner with SOC 2 Level 1 attestation, and the Kiteworks enterprise content firewall enables SOC 2 certification. As a result, you can have peace of mind knowing our systems and processes are certified to keep your data protected and private.
Our Services Meet Rigorous SOC 2 Standards
SOC 2 Compliance Standards
- Security – protected against unauthorized access
- Availability – available for operation 24/7/365
- Processing Integrity – complete, accurate, timely and authorized
- Confidentiality – confidential information is protected
- Privacy – personal information is treated in accordance with AICPA and CICA
Continuous Monitoring and Reporting Protects Your Data
SOC 2 Compliance Monitoring
- Continuous monitoring
- Visibility of content storage, access and use
- Detailed, auditable reporting
Data Protection Validated
SOC 2 Compliance Certifications
- Service carries SOC 2 Type II certification
- Hosted data centers are SSAE-16 / SOC 2 compliant
- Periodic external assessments according to SAS70 Type II
Frequently Asked Questions
SOC 2 (Service Organization Control 2) is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for evaluating a service organization’s data security and privacy practices. The AICPA has established five trust principles that serve as the basis for SOC 2 compliance: security, availability, processing integrity, confidentiality, and privacy. SOC 2 compliance helps organizations demonstrate their commitment to protecting customer information, providing assurance to their customers and business partners. In order to demonstrate SOC 2 compliance, organizations are evaluated for the effectiveness of their controls related to the security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 compliance is not a one-time event. Organizations must undergo regular audits to maintain their SOC 2 compliance status.
SOC 2 compliance is important because it helps organizations enhance data security and privacy, build trust with their customers, and comply with regulatory requirements. SOC 2 compliance also assures customers and business partners that an organization has effective controls in place to protect their sensitive content.
To become SOC 2 compliant, an organization must undergo an audit conducted by an independent auditor. The audit evaluates the effectiveness of the organization’s controls related to the five trust principles established by the AICPA: security, availability, processing integrity, confidentiality, and privacy. The audit process typically involves a risk assessment to identify potential security risks and implement controls to mitigate those risks. The audit process also includes a review of the organization’s policies, procedures, and systems, as well as interviews with employees and a site visit. Organizations must undergo regular audits to maintain their SOC 2 compliance status.
SOC 2 compliance offers several benefits to organizations, including: improved data security and privacy practices by having identified areas for improvement and implementing effective controls; stronger trust with customers and business partners by demonstrating a commitment to data security and privacy; and additional business opportunities by having satisfied customer and partner requirements for data security and privacy.
The five trust principles established by the AICPA for SOC 2 compliance are:
- Security: The system is protected against unauthorized access, both physical and logical.
- Availability: The system is available for operation and use as committed or agreed upon.
- Processing integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed upon.
- Privacy: Personal information is collected, used, retained, disclosed, and destroyed in accordance with the organization’s privacy notice and with the criteria set forth in the AICPA’s privacy principles.