At SOUTHWORKS we invest in security best practices to make sure your data stays safe, so your team can focus on solving problems. Today we’re excited to share even more progress: SOUTHWORKS has achieved the AICPA Service Organization Controls (SOC) 2 Type for its Software Development services. And for our international customers, we’ve also achieved compliance with IAASB International Standards on Assurance Engagements (ISAE 3000). Our report also includes the mapping of SOC 2 controls to the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
You can request a copy of these audit reports through our Information Security Support team at firstname.lastname@example.org.
We’re proud of this milestone, but security is an ongoing effort. Our information security program is continually focused on providing the best software development services around the world. The SOC/ISAE reports and ISO 9001:2015 are all ways we’ve committed to providing our customers and their auditors with appropriate levels of assurance that their data is safe and secure with us. As we work to improve our security posture, we’re also committed to issuing SOC 2 Type 2 assurance reports in a year and will continue on that cadence.
Additionally, we have certified our compliance with the Microsoft Supplier Data Protection Requirements, Version 5, September 2018 (DPRs) with respect to the development services that we perform for Microsoft.
What is SOC?
SOC for Service Organizations are assurance reports on the internal controls of service organizations. These reports help people looking to use an outsourced software development service like SOUTHWORKS assess and address the associated risks.
SOC 2 is considered the gold standard for security compliance for companies in the US. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the secure protection of customer data.
The ISAE 3000 assurance opinion is included in the SOC 2 Type 1 report. Together, these enable us to represent our commitment to Security under an internationally recognized audit standard.
Our 2019 SOC reports provide assurance that SOUTHWORKS is complying with the standards of the AICPA guidelines. To achieve compliance with the SOC and ISAE requirements, SOUTHWORKS has implemented and adheres to common controls over security, the ones that matter most to our customers.
The audit demonstrates that these controls are operating effectively and that they cover operational practices like logical and physical access management, data storage and recovery, encryption, change management, vendor management, incident management, detection and response, security and privacy awareness training, and organizational management.
Originally published by Johnny G. Halife for SOUTHWORKS on Medium 17 September 2019