December 21, 2022

    Sharetru Has Successfully Passed the SOC 2 Type II Audit

    Today is another milestone for Sharetru! We have successfully undergone an independent SOC 2 Type II audit conducted by our partner, A-Lign. Successfully completing the SOC 2 Type II audit assures our customers residing in our FedRAMP moderate authorized datacenter that we provide the security controls necessary to protect the data they hold in – and transfer through – our platform.

    What is a SOC 2 report?

    First, the SOC acronym stands for System and Organization Controls. Put differently, SOC is a reporting framework for cybersecurity risk management that includes different frameworks depending on your type of organization. SOC 2 is designed for service providers.

    This SOC framework—and the SOC 2 requirements for service providers—are the standard for securing data, files, and information. At Sharetru, we are SOC 2 certified, with an add-on for advanced security and compliance enablement considered in scope. This ensures our users can confidently use our SOC 2 compliant file sharing service to secure data and files while minimizing their risk of outside threats.

    See below for more details on the SOC framework, SOC 2 compliance, plus what it means for your organization.

    What is the difference between SOC 2 Type I and SOC 2 Type II?

    The first stage (Type I) of SOC compliance entails an audit of the organization’s controls at a single point in time and getting the necessary controls in place within an organization to meet the standards of the framework.

    Service providers who protect their customers’ data will achieve SOC 2 Type II certification by proving they follow the SOC controls over a period of time. This is achieved by passing a more thorough and strenuous auditing process involving three different areas:

    • Document Review
    • Personnel Interviews
    • Organization Inspections

    What are the benefits of SOC reporting?

    The SOC framework wasn’t intended to create tasks for organizations to complete. Rather, it was initially created as a public service that would actually create benefits for the organizations that followed it. The SOC framework was designed to:

    • Create common criteria. The SOC framework standardizes cybersecurity reporting, creating common criteria for disclosures and regular assessments of effectiveness.
    • Lessen the burden of communication and reporting. The relatively streamlined nature of SOC reporting is meant to lessen the communication and reporting burden on organizations. While there are strict reporting requirements, these requirements are as minimal as possible to allow organizations to focus on other important aspects of their businesses.
    • Provide interested parties with useful and pertinent information. An organization's SOC reporting needs to be able to quickly and confidently share relevant information with interested parties, whether those parties are prospective users, board members, senior management, etc.
    • Outline best practices. The SOC framework provides leaders with best practices they can implement for their organizations. SOC requirements are also flexible, which allows those same leaders to adapt without constricting organizations to a single process or approach.
    • Scale for organizations of different sizes. Whether you are part of a small business or a multinational corporation, the SOC framework can be adopted to scale.
    • Evolve to meet real-time needs. The SOC framework is constantly evolving, as it should. This is meant to provide us with the ability to respond to the latest cybersecurity threats. The SOC framework first launched 10 years ago as of writing this post. Since then, cybersecurity threats have evolved in ways we never imagined 10 years ago—and the SOC framework has adapted to meet these changes.

    What Does SOC 2 Type II Compliance Mean for Our Customers?

    SOC 2, as developed by the AICPA, has become the most acceptable framework for implementing effective, verifiable safeguards against cybersecurity threats. At Sharetru, we invest time, energy, and resources into developing and implementing these controls to ensure we’re always SOC 2 Type II audit ready. With the SOC framework being so widely accepted as the standard in cybersecurity, our users can rest assured we have in place the most modern and most effective cybersecurity protections available.

    Some of our users inquire about ISO 27001 vs SOC 2. At Sharetru, we choose to comply with both frameworks. We adhere to both ISO 27001 and SOC 2 standards at the data center layer, which gives our users industry-leading security for their files. Dual compliance with ISO 27001 and SOC 2 ensures our users’ data is hosted in a secure, military-grade, government-authorized data center.

    Are you a Sharetru customer in need of a copy of our SOC 2 Type II report? Or are you curious about your current plan and wondering if it was considered in scope for this audit? Contact us today — or open a ticket with our support staff — and we'll be happy to assist!

     


    Arvind Mistry

    Arvind, Sharetru's Director of Compliance, brings 11+ years' experience in cloud solutions for Federal Govt. & public sector from esteemed companies.
