Why is SOC II Compliance Important? 

If you own or manage a company that stores and processes sensitive information, it may be a good idea to make sure that your company is SOC2 compliant.  

A SOC2 Type II report focuses on five areas of service delivery in particular: security, availability, processing integrity, confidentiality, and privacy. 

‘Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives.[1]

Availability refers to the accessibility of information used by the entity’s systems as well as the products or services provided to its customers.[2] 

Processing integrity refers to the completeness, validity, accuracy, timeliness, and authorization of system processing. Processing integrity addresses whether systems achieve the aim or purpose for which they exist and whether they perform their intended functions in an unimpaired manner, free from error, delay, omission, and unauthorized or inadvertent manipulation.[3] 

Confidentiality addresses the entity’s ability to protect information designated as confidential from its collection or creation through its final disposition and removal from the entity’s control in accordance with management’s objectives.[4] 

Privacy. Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.’[5] 

QuestMark manages sensitive data in many cases.  We make sure that customer information is safe, secure, and confidential at all times, but allow it to be accessed by appropriate personnel when necessary. 

QuestMark’s Current SOC2 Compliance Level 

QuestMark uses a licensed CPA firm to audit and test QuestMark controls and provide SOC 2 Type II attestation reports. QuestMark has successfully passed an audit and test of the SOC 2 Type II controls as established by the American Institute of Certified Public Accountants (AICPA).

If you have any questions, please contact us or call us at 713-662-9022. 

 

[1] https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf 

[2] https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf 

[3] https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf 

[4] https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf 

[5] https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf 

 

Publisher Name
QuestMark Information Management, Inc.