Today is another milestone for Sharetru! We have successfully undergone an independent SOC 2 Type II audit conducted by our partner, A-Lign. Successfully navigating the SOC 2 Type II audit assures our customers residing in our FedRAMP moderate authorized datacenter that we provide the security controls necessary to protect the data they hold in – and transfer through – our platform.
First, the SOC acronym stands for System and Organization Controls. Put differently, SOC is a reporting framework for cybersecurity risk management that includes different frameworks depending on your type of organization. SOC 2 is designed for service providers.
This SOC framework—and the SOC 2 requirements for service providers—are the standard for securing data, files, and information. At Sharetru, we are SOC 2 certified, with an add-on for advanced security and compliance enablement considered in scope. This ensures our users can confidently use our SOC 2 compliant file sharing service to secure data and files while minimizing their risk of outside threats.
See below for more details on the SOC framework, SOC 2 compliance, plus what it means for your organization.
The first stage (Type I) of SOC compliance entails an audit of the organization’s controls at a single point in time and getting the necessary controls in place within an organization to meet the standards of the framework.
Service providers who protect their customers’ data will achieve SOC 2 Type II certification by proving they follow the SOC controls over a period of time. This is achieved by passing a more thorough and strenuous auditing process involving three different areas:
The SOC framework wasn’t intended to create tasks for organizations to complete. Rather, it was initially created as a public service that would actually create benefits for the organizations that followed it. The SOC framework was designed to:
SOC 2, as developed by the AICPA, has become the most acceptable framework for implementing effective, verifiable safeguards against cybersecurity threats. At Sharetru we invest time, energy, and resources into developing and implementing these controls to ensure we’re always SOC 2 Type II audit ready. With the SOC framework being so widely accepted as the standard in cybersecurity, our users can rest assured we have in place the most modern and most effective cybersecurity protections available.
Some of our users inquire about ISO 27001 vs SOC 2. At Sharetru, we choose to comply with both frameworks. We adhere to both ISO 27001 and SOC 2 standards at the data center layer, which gives our users industry-leading security for their files. Dual compliance with ISO 27001 and SOC 2 ensures our users’ data is hosted in a secure, military-grade, government-authorized data center.
Are you a Sharetru customer in need of a copy of our SOC 2 Type II report? Or are you curious about your current plan and wondering if it was considered in scope for this audit? Contact us today — or open a ticket with our support staff — and we'll be happy to assist!
Arvind is Director of Compliance and Programs at Sharetru. He came to Sharetru with 11+ years of experience in offering cloud solutions to the Federal Government and public sector channels at companies such as Rackspace, IBM, UNICOM, A10 and Radware Alteon. He is based in the Washington, D.C. area.