What does a SOC 2 Report certify?
It is not enough for a company to declare that it safeguards its customer data. A SOC 2 (System and Organization Control 2) report provides objective confirmation that a company has effective customer data security controls.
SOC 2 is an industry-standard accreditation for cloud-service or Software as a Service companies that confirms security compliance, verifying that customer data is in safe hands, fortified against any attacks, and protected as you continue to use the product.
SOC 2 auditors establish the evaluation criteria on a case-by-case basis. During the rigorous SOC 2 testing, the auditors took the unique risks of Match My Email’s service into account, including:
- Security – Match My Email’s SOC 2 report certifies that no one can access the systems without authorization.
- Availability – Match My Email’s security system is constantly available, recovery and backup-tested, and the organization has the correct BCP (Business Continuity Plans) and DR (Disaster Recovery) plans and procedures in place.
- Confidentiality – The sensitive information gathered from customers through their usage of Match My Email’s software and their business relationship with our organization is secure.
- Processing integrity – Match My Email’s processing system is compliant with the SOC 2 standards, confirming the processing inputs and outputs are correct.
- Privacy – SOC 2 confirmed that Match My Email’s privacy standards protect each user’s Personally Identifiable Information (PII).
SOC 2 reporting isn’t required. Match My Email has decided to undergo preventative SOC 2 auditing to confirm that our organization’s information environment is secure and reinforce our
If you are interested in learning what Match My Email or any SOC 2-compliant company is doing to protect your data, you can request to review the report in a confidential environment.
What’s the difference between a SOC 2 Type 1 and SOC 2 Type 2 Report?
Both SOC 2 Type 1 and SOC 2 Type 2 audits confirm the information environment security of an organization. The key difference is the length of testing.
In a SOC 2 Type 1 audit, the organization’s security is audited at a specific point in time. For example, auditors evaluate the state of the security controls as they are on July 21, 2022. Based on the objectives the organization outlined, the Type 1 report identifies risks and controls only in that respect.
In a SOC 2 Type 2 report, the auditing is performed over an extended period. For example, a company might want to audit its processes across the span of 6 or 12 months. Unlike the Type 1 report, the Type 2 report not only confirms that the organization meets its objectives but also audits how effective the internal processes are in achieving those objectives.
To put the differences simply: a SOC 2 Type 1 report confirms the organization protects its customer data with the right processes and controls in place. A SOC 2 Type 2 report audits every process to show how the organization protects customer data in its systems, infrastructure, and control environment.
The SOC 2 audit is one of the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security. The SOC 2 Audited Report is the auditor’s opinion on how an organization’s security controls meet the SOC 2 criteria.
To obtain our audited SOC 2 Report, a third-party auditor, Johanson Group, reviewed our internal controls including policies, procedures and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, security incident response and other critical areas of our business.
Thanks to a company-wide effort at Match My Email and with the help of our friends at Secureframe, we successfully achieved compliance and received an Auditor’s Report demonstrating that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria.
We believe the relationship with our customers must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust.
SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.