IT Glue Earns SOC 2 Compliance


IT Glue, the MSP documentation platform provider, is now service organization control (SOC) 2 compliant, which confirms the company follows best practices with respect to security in terms of both infrastructure and process.

SOC 2 compliance enables IT Glue to provide additional peace of mind to its MSP partners, CEO Chris Day (pictured above) told ChannelE2E. It also allows the company to meet a high standard in terms of how it treats sensitive information, Day stated.

"We feel that this is the least we can do to provide our partners with the evidence they need to trust our processes," he said.

What Is SOC 2 Compliance?

SOC 2 is one of three SOC certifications created by the American Institute of Certified Public Accountants (AICPA). It is designed for cloud and SaaS companies and emphasizes security and operational metrics.

The standard consists of five Trusted Services Principles (TSPs):

  • Security.
  • Availability.
  • Processing integrity.
  • Confidentiality.
  • Privacy.

For IT Glue, the SOC 2 compliance process required 18 months to complete, Day told ChannelE2E. To pass the audit for SOC 2 compliance, the company needed to demonstrate best security practices in the following areas:

  • Physical infrastructure.
  • The software that it uses.
  • The personnel involved in governance.
  • Automated and manual processes that is uses.
  • Data.

Ultimately, the SOC 2 compliance process proved to be "very comprehensive," Day stated.

"We had to develop an entire framework to run the business on. Setting up the needed controls and actually executing against them is a whole other animal. We worked with several experts on a continuous basis over this period to achieve this," he said.

What Does SOC 2 Compliance Mean for IT Glue and Its MSP Partners?

SOC 2 compliance ensures IT Glue partner data has been stored safely, and this has been verified by a third party. It also may open new opportunities for IT Glue's MSP partners.

"In some industries,  certification is required. MSPs wishing to service customers needing reliable security know that they can use IT Glue to help meet the needs of those customers," IT Glue wrote in a blog post. "SOC 2 is also valuable for courting government business, or any client that deals with highly sensitive data."

IT Glue is investigating other meaningful designations that it may be able to achieve, Day told ChannelE2E. SOC 2 certification also will require IT Glue annual recertification and auditing, Day said.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.