Your first and last call for IT solutions to help you secure, optimize and innovate your business.
Assess, Educate & Remediate
SOC 2 Compliance Certification is an auditing process that demonstrates that your business manages customer data securely and in a comprehensive way that protects your customers’ privacy and the privacy of the business.
Developed by the American Institute of CPAs (AICPA), SOC 2 audits use five “trust service principles” to examine the way your business manages customer data: security, availability, confidentiality, privacy and processing integrity.
SOC 2 Compliance Certification audits are performed by a third-party auditor (a certified public accountant) who will then issue the compliant business one of two types of certification:
Type I Certification – Typically the first step organizations might take, Type I is an attestation of compliance with SOC 2 controls at a specific point in time. This demonstrates that an organization has established proper security and privacy hygiene.
Type II Certification – An attestation of compliance with SOC 2 controls over a period of time (at least 6 months). This demonstrates that an organization has not only established proper security and privacy hygiene but is also continuously maintaining it. The independent audit for a Type II certification typically takes six to 12 months to complete.
SOC 2 Readiness
The SOC 2 Certification process requires an assessment by an independent third-party auditor against five trust services criteria: security, availability, confidentiality, privacy and processing integrity. As industry-leading certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP), we help you understand the driving needs of the assessment and support you through the SOC 2 Certification process with your third-party auditor.
Security – Also known as the "common criteria," security focuses on the protection of information and systems against unauthorized access. This criterion tests that your customers’ information is protected at all times (collection, creation, use, processing, transmission, and storage) along with the systems that handle it.
Availability – This criterion makes sure your systems are secure and available for customers to use when they expect to. Availability addresses network performance, downtime and security event handling.
Confidentiality – This criterion ensures the protection of confidential information. If you agree to keep any of your customers' information confidential, this criterion is paramount.
Privacy – This criterion focuses on the protection of personal information. Similar to confidentiality, the privacy criterion tests whether you effectively protect your customers’ personal information. Where confidentiality focuses on corporate information, privacy focuses on individuals' sensitive data (e.g. name, address, email, social security number, purchase history, criminal history, etc.).
Processing Integrity – The processing integrity criterion addresses processing errors and how long it takes to detect and fix them, as well as the incident-free storage and maintenance of data. It also makes sure that any system inputs and outputs are free from unauthorized access or manipulation.
Columbia Advisory Group’s monitoring services provide continuous compliance and security control effectiveness tracking via our Security Operations Center (SOC) to ensure you maintain the proper ongoing controls. We manage the entire process and act as your security and compliance department during the assessment, audit, examination, and certification.
More than Compliance Readiness
Columbia Advisory Group’s managed compliance services not only take you through the compliance readiness process but also ensure your organization abides by the requirements of regulators and certification bodies in preparation for third-party audits against security standards and cyber-insurance renewals.
Delivers exceptional IT Managed Services
Over 100 years of combined experience
Assessments conducted: 350+
Managed services engagements: 100+
Columbia Advisory Group delivers unified security & compliance reporting that allows your business to track its readiness against any security or risk-based standard in real time.