Data and IT security are table stakes in today’s digital world. But for non-techies, what are these certifications and security measures, what do they mean and why do they matter? The alphabet soup of jargon is admittedly confusing, and to the layman the terms may all appear the same. Let’s walk through a couple and explain why they absolutely matter and are worth the cost and effort.
Let’s start with Vetter’s SOC 2 certification. SOC, or System and Organization Controls, certifications are based on standards published by AICPA, the American Institute of CPAs. The standard for SOC 2 focuses on five key principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Net Gain IT has a great summary of the three SOC certifications and their differences. Many large cloud service providers are SOC compliant, including companies like Amazon, Google, Microsoft, Dropbox, Rackspace and many others.
Vetter has taken the time to earn the certifications. We wanted to ensure we put everything in place that we could to protect our clients and consumers. We’ve certified that the systems are secure, our practices for data handling are compliant, and our security policies are documented and followed.
But SOC 2 does not cover data after it leaves the network. We do what we can to protect it there too. We use 256-bit encryption to protect our data connections. So, while an end-user is signing up or we’re sharing data with a partner, all parties involved can be certain no one is eavesdropping on the connection (also known as a man-in-the-middle attack). You’re probably familiar with sites that collect customer data and are protected with HTTPS. HTTPS pages typically use SSL (Secure Sockets Layer) or TLS (Transport Layer Security), so the website data is encrypted within an encrypted connection for essentially two layers of defense from cyber-criminals. End-users expect and deserve nothing less.
Why does all this matter? It’s just a report that can be shared only with customers and their auditors. But really, it’s about protection. All of us have a duty to protect our customers and customers’ customers. In the modern digital world, hacking and data breaches are a real and ever-present threat. As stewards of our customers’ data, we must make sure we’re doing everything we can to protect such sensitive, personal and private information. We owe it to our customers and ourselves.
Security, Growth, Compliance – We’ve got you covered. Contact Vetter today to learn more!