IT Glue, the MSP documentation platform provider, is now service organization control (SOC) 2 compliant, which confirms the company follows best practices with respect to security in terms of both infrastructure and process.SOC 2 compliance enables IT Glue to provide additional peace of mind to its MSP partners, CEO Chris Day (pictured above) told ChannelE2E. It also allows the company to meet a high standard in terms of how it treats sensitive information, Day stated."We feel that this is the least we can do to provide our partners with the evidence they need to trust our processes," he said.For IT Glue, the SOC 2 compliance process required 18 months to complete, Day told ChannelE2E. To pass the audit for SOC 2 compliance, the company needed to demonstrate best security practices in the following areas:Ultimately, the SOC 2 compliance process proved to be "very comprehensive," Day stated."We had to develop an entire framework to run the business on. Setting up the needed controls and actually executing against them is a whole other animal. We worked with several experts on a continuous basis over this period to achieve this," he said.
What Is SOC 2 Compliance?
SOC 2 is one of three SOC certifications created by the American Institute of Certified Public Accountants (AICPA). It is designed for cloud and SaaS companies and emphasizes security and operational metrics.The standard consists of five Trusted Services Principles (TSPs):- Security.
- Availability.
- Processing integrity.
- Confidentiality.
- Privacy.
- Physical infrastructure.
- The software that it uses.
- The personnel involved in governance.
- Automated and manual processes that is uses.
- Data.
