Data is now the most valuable and vulnerable thing many organizations possess. Let that sink in for a minute – if your company is not solely responsible for its data (and that of your clients), what company is? And how much do you know about their process?
The truth is, any IT partner is seeing your data and interacting with it in some way. Whether you have managed IT services, break-fix troubleshooting, backup and disaster recovery, or cloud services like email and storage – the access they have to your network, systems and data is unprecedented. Having a partner who doesn’t fully understand the risks and take proper security measures can result in disaster. In addition to that, they build contracts to indemnify themselves.
When you’re making decisions on behalf of a company, you need to know those decisions are sound. That’s not solely your responsibility as an IT client – it should be the responsibility of your IT partners too. Wouldn’t you rather know your partner has the right controls in place to protect your business than wonder whether they can actually do what they say they will?
As a CEO in the IT industry, I feel a deep responsibility to ensure that our organization knows the risks and takes every step possible to protect the clients trusting us with their business. That’s why ADNET underwent one of the most rigorous third-party audits available in our field – SOC 2 Type II.
What is SOC 2?
SOC 2 is based on five core competencies, known as the Trust Services Criteria. The criteria include:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
In order to achieve compliance, an organization has to prove that it can be trusted to keep its clients’ data secure. Policies have to be defined, documented and verified in order to be counted toward the criteria.
Undergoing this audit meant ADNET’s internal controls, processes and policies were thoroughly examined and tested over a period of time by a third-party auditor. It was at times painful, it was expensive, and it was a lengthy, labor-intensive process for those involved – but I’m proud to say ADNET has achieved SOC 2 Type II compliance.
Why is compliance important?
Security, availability and confidentiality should be a given – but the sad truth is that they aren’t. You have to research, dig deep and see who can back up the claims being made about providers that are going to keep your business safe. It’s in your best interest to work with service organizations who have taken the guesswork out of this and achieved SOC 2 compliance.
As an example, think about it like going out to eat at a local restaurant. Most likely, you assume the people in the kitchen have had proper training and achieved relevant certifications such as ServSafe. You probably also assume that the health inspector has found the kitchen satisfactory and everything is to code. If you went to that same restaurant and asked the manager about passing inspection and certifications and they couldn’t give you a straight answer, would you still be comfortable eating there? Your business isn’t any different. You shouldn’t have to take anyone’s word for it. Make your partners prove they’re capable.
Why should IT Partners go through a SOC 2 audit?
Above all, we owe it to our clients and partners to show that we take security seriously. We’ve been laser-focused on security for years and we’re confident in our approach.
I personally feel that anyone in the IT industry has the responsibility to undergo a SOC 2 audit. Make the investment in your clients that you’re asking them to make in you. If you’re an IT services provider and you haven’t taken this step, you’re doing a disservice to your clients and the entire industry. For those already prioritizing security in your offerings, this should be a no-brainer. In conclusion, clients deserve the safety and security of knowing they have a partner they can trust, who’s not afraid to prove it.