Last year, we at Ancero announced that we had earned the System and Organization Controls (SOC) 2 Type II certification that covers all of our facilities, business processes, and cloud services. The SOC 2 Type II audit and certification, conducted by by The Moore Group, LLC, an independent CPA firm, confirms that Ancero meets the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA).
Today, we’re proud to announce that our SOC 2 Type II certification has been renewed.
This is major news not only for Ancero, but for our clients who rely on Ancero to meet increasingly strict compliance standards for systems, resources, and data in cloud environments. With the California Consumer Privacy Act (CCPA) taking effect in January 2020 and similar legislation being developed by other states, organizations need the confidence and peace of mind that government and industry regulations, as well as organizational security policies, are being followed.
What Is SOC 2 Type II Certification?
SOC 2 Type II reports are the most comprehensive certification within the SOC protocol. A service organization can select to be evaluated by any or all of the trust service principles provided by the American Institute of Certified Public Accountants (AICPA) and Ancero chose to be reviewed on service and availability. Businesses seeking a vendor for cloud solutions or IT managed services will find SOC 2 Type II is the most useful certification when considering a service provider’s credentials.
SOC 2 Type II certification requires far more than a comprehensive technical audit. Cloud service providers like Ancero must demonstrate to an independent, third-party firm over a long period of time that information security operations, policies, and procedures meet strict security and compliance standards.
That’s because verification of security and compliance capabilities require more than completing a checklist during an annual audit. Security and compliance, and the ability to adapt to evolving risks and requirements, are disciplines that must be practiced each day to ensure data protection, integrity, availability and reliability.
Visit the AICPA for more information on SOC 2 Type II certification.
The Specifics of Ancero’s SOC 2 Type II Certification
Ancero has again been certified in the trust principles of security and availability.
- This principle involves the use of firewalls, two-factor authentication, intrusion detection, and other tools to control access to systems, resources, and data in a way that ensures regulatory compliance. The updated security trust principal includes new elements related to confidentiality.
- This principle involves the ability to access systems, resources, and data according to the terms of a service level agreement (SLA). Capabilities include network performance monitoring, site failover, and security incident handling.
SOC 2 Type II certification, combined with the Microsoft Azure’s stringent regulations and 71 certifications, provide Ancero clients with assurance that the cloud platform and services they’ve chosen are safe and secure. This is important not only for heavily regulated industries such as financial services, healthcare, and retail, but all organizations that now must comply with new data privacy regulations.
Do you have questions about how Ancero’s cloud platform adheres to your compliance requirements? Contact us to schedule a managed IT consultation.