Compliance: SOC 2 Type II

We’re SOC 2 Type II certified.

GovFolio maintains compliance and annual SOC 2 Type II certification for our SaaS platforms.

To achieve and maintain SOC 2 Type II certification, the GovFolio team undergoes an annual audit that evaluates several key areas across its facilities, systems, policies, and practices. This includes a thorough review of the software environment, covering application development, provisioning, and operational support controls. The audit also examines the team involved in operating and using these systems and applications, ensuring proper roles, responsibilities, and access controls are in place. Additionally, both automated and manual procedures that govern the operation of systems and applications are assessed for effectiveness and compliance. Finally, the security protocols and controls surrounding the data managed within these systems are evaluated to confirm that information is properly protected, handled, and maintained.

The Service Organization Control (SOC) 2 examination demonstrates that an independent auditing firm has reviewed and examined an organization’s control objectives and activities and tested those controls to ensure that they are operating securely and effectively.

 

    • Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data. The SOC 2 certification is issued by outside auditors; they assess and report on the extent to which an organization complies with one or more of the five trust categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) based on their systems and processes.
    • There are two types of SOC 2 reports: Type I and Type II. The Type II report is issued to organizations that have audited controls in place and for which the effectiveness of the controls has been audited over a specified period of time. The Type I report is preliminary to the Type II report and is based on the ability to test and report on design. Type I reports are issued to organizations that have audited controls in place but have not yet audited the effectiveness of the controls over a period of time.

Why is SOC 2 Type II important to our clients and their customers?

It provides a level of confidence and comfort. A SOC 2 Type II certified platform like GovFolio ensures that data is kept secure through the consistent implementation of standardized controls.

How does it impact data centre infrastructure?

Data centre services such as managed services, hosting, and colocation developed by a SOC 2 certified organization must be developed following audited processes and controls. Services designed, implemented, tested, and monitored under these audited processes and controls ensure the highest level of trust and security.

How does it impact software?

Software developed by a SOC 2 certified organization must be developed following audited processes and controls. Software developed, reviewed, tested, and released under these audited processes and controls ensures the highest level of trust and security.