MetaCX Completes SOC 2 Type 1 Certification
The MetaCX team is excited to announce that we are now SOC 2 Type 1 certified! In today’s threat landscape, data protection and security aren’t negotiable. These are practices, values even, that we have baked into the core of our team.
What is a SOC 2 report?
A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. SOC 2 audits are required to be performed by a licensed and accredited CPA firm, in our case, KirkpatrickPrice. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design of our controls to meet the standards for these criteria.
Type I and Type II. What is the difference?
SOC 2 Type I audits are performed at a point in time and cover the description of systems and suitability of design of controls (Known as criteria in SOC terminology). Prior to the audit, a gap assessment is performed between the auditing firm, in our case KirkPatrick Price, and gaps remediated.
Type 2 reports have everything in type 1 reports, but also evaluate the effectiveness of the controls over a period of time. We are committed to establishing the highest security and privacy standards. Our next step is to complete our Type 2 audit over the next several months.
Commitment to Security and Privacy
Software vendors have the responsibility of securing user data and maintaining privacy. Our goal is to ensure our software remains available, and our customers and system are secure.
We are committed to building a culture of trust that our customers deserve and expect.
“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “MetaCX delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on MetaCX’s controls.”
The Bottom Line
For those who do not have a technical background, here’s the bottom line: Being SOC 2 Type 1 certified means that MetaCX is operating in a secure manner in order to protect our customers. That should give you (and your IT department) confidence in doing business with us.
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com