SOC 2 Type I & II
SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy. Datacate undergoes a regular third-party audit to certify individual products against this standard.
Datacate has completed an independently conducted Service Organization Control (SOC) 2sm Type II audit of its Colocation and Cloud Services System. Datacate had previously completed a SOC 2 Type I audit, including the relevant administrative, physical, and technical safeguards. SOC 2 Type I and Type II both report on the non-financial reporting controls and processes at a service organization as they relate to the Trust Services Principles (TSP). The Type I report attests that the controls are suitably designed and implemented. The Type II report goes further, attesting to the operating effectiveness of the controls by auditing operating records over a minimum six-month period.
Datacate’s SOC 2 Type I and Type II reports can be made available to clients who have signed an NDA. Datacate’s publicly distributable SOC 3 report can be freely downloaded from Datacate’s public website.
Datacate’s Service Organization Control (SOC) 2sm examination for its Rancho Cordova, CA facility is enhanced with the alignment of controls to the Health Insurance Portability and Accountability Act (HIPAA) security rule 45 CFR Section 164.308, 164.310, and 164.312. Mappings to HIPAA include the relevant administrative, physical, and technical safeguards to protect electronic protected health information (e-PHI).
The report attests to Datacate’s compliance with SOC 2sm and HIPAA requirements. Due to extensive overlap between TSP criteria and that of HIPAA, this unified SOC “plus” report effectively attests to Datacate’s compliance with all.
Current and prospective clients can rest assured that Datacate will be able to meet the needs of projects that require enhanced security or conformance to HIPAA regulations. Datacate can provide a Business Associates Agreement (BAA) to clients who will be hosting data that falls under HIPAA requirements.
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices in Cloud Security Management (CSM) to help ensure a secure cloud computing environment. CSA operates the most popular certification program for cloud security providers, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self-assessment, 3rd-party audit, and continuous monitoring.
Datacate’s Service Organization Control (SOC) 2sm Type II audit of its Cloud Services System incorporates additional mappings for CSM. The CSM section of the report attests to Datacate’s compliance with those standards by mapping SOC controls to the corresponding criteria in CSM. Due to extensive overlap between TSP criteria and that of CSM, this unified SOC “plus” report effectively attests to Datacate’s compliance with all.
By completing this audit, Datacate earned a CSA STAR Attestation. The CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. STAR Attestation provides for rigorous third party independent assessments of cloud providers.