At 3rdRisk, we are proud to announce that we received our SOC 2 Type 1 report in February 2023. The report confirms and details the security and privacy safeguards we’ve implemented in compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria). This is a huge accomplishment for us, and it means that customers can be confident that their data is safe and secure. But what does this mean for you? Let's look at what SOC 2 Type 1 compliance is and why it's so important.

What is SOC 2 Type 1 compliance?

SOC 2 Type 1 compliance shows that we have implemented an effective system of controls over the security, availability and confidentiality of your data or information systems. It also displays that we have the governance, infrastructure, and systems in place to protect client information from unauthorized access. In other words, being SOC 2 compliant implies that our customer data is secure with us.

What are the benefits of being SOC 2 compliant?

The major benefit of being SOC 2 compliant is having the assurance that your data is protected by industry-standard security protocols. This means you can be confident that all of your data is safe and secure with us, even if someone tries to access it without authorization. Additionally, you can rest assured knowing that all of our processes are legally compliant with any applicable laws or regulations - meaning there's no risk involved when working with us!

How did we achieve SOC 2 compliance?

In achieving SOC 2 type 1 compliance, our former-cybersecurity consultant experience was invaluable. DRATA’s continuous monitoring technology allowed us to monitor our control environment in real time. It gave us the insight to ensure our security controls were always up to par. But this wouldn't have been possible without regular workshops with the management board to hone and define the right governance practices and processes. In other words, a hefty combination of human intelligence and modern tech created a strong system of protecting against cyber threats that landed us at SOC 2 type 1 compliance.

What are the next steps?

We received a Type 1 report, which was a point-in-time audit. Each control was assessed based on a random sample at that time. With the completion of Type 1, the audit period for a Type 2 report kicks off. We will continue prioritizing data protection and pursue the SOC 2 Type 2 report to ensure we meet industry standards and market expectations. After six months, our auditing firm Assurancelabs will sample across the entire audit period to verify each control’s effectiveness and provide the SOC 2 Type 2 report.

Do you want to know more?

Do you have any questions about how SOC 2 compliance works or how we adhere to it? Are you interested in learning how our secure platform can help manage your third-party and internal control risks? We’re ready to help. To learn more, request a demo or send an e-mail to support@3rdrisk.com. We look forward to hearing from you soon!