SOC 2 (System and Organization Controls for Service Organizations) is important on many different levels. Cyber Advisors received its SOC 2 Type 1 certification in 2021. In early 2022, Cyber Advisors underwent its SOC 2 Type 2 audit. The audit was successful, and Cyber Advisors achieved compliance in Q2 2022.
There are multiple levels of SOC 2 compliance, but for the sake of simplicity and commonality, we will focus on two. Type 1 requires you to present all of your controls and governance, and Type 2 requires you to prove it. (The real proof is in a Type 2.)
SOC 2 is very common in the services business. It allows organizations to adopt and implement the necessary controls to protect any customer data. Your managed IT services or professional IT services provider should be fully SOC compliant on your behalf, as many breaches are taking place through IT service providers and cloud organizations.
According to IBM, the average cost of a data breach in 2021 was $4.24M. A SOC 2 audit is a good investment to help avoid becoming a data breach statistic.
Many customers are demanding SOC 2 compliance from their partnerships. This is great news, as it proves that Cyber Advisors customers are thinking about security and demanding more from their service partnerships.
What is your stance on SOC 2? Does your business require it from your IT service provider? If they store any of your data (or metadata), it may be time to consider pushing your provider towards SOC 2 compliance.