It is official! n3 Hub has SOC 2 Type 2 Compliance & Certification, and we could not be more excited. SOC 2 (Service Organization Control 2) is an auditing procedure that ensures an organisation is securely managing its data to protect the interests of your organisation and the privacy of its clients.
This is part of our ongoing commitment to ensuring we maintain the highest level of security for our customers and their data. Within this process, an independent auditor has conducted a comprehensive audit of our servers and systems, including our Customer Data Platform. They have verified that our information security practices, policies, procedures, and operations meet rigorous SOC 2 standards.
At n3 Hub, we specialise in helping highly regulated industries like financial services create and operate fully compliant customer communication solutions that enable them to deliver relevant and personalised customer communications to their customers.
We spoke to some of our team Sophie Crisp, Head of Digital and Sara Brown, Australian Business Manager, about what SOC 2 compliance means:
Why did n3 Hub apply for a SOC 2 accreditation?
Sara: We must continue to ensure that we have best practice information security policies and procedures. We recently achieved ISO27001 certification, so this latest SOC 2 recognition further reinforces our commitment to the highest data security standards.
What did it involve? What does it take to become SOC 2 accredited?
Sophie: Outside auditors’ issue SOC 2 certifications. They assessed how well n3 Hub complied with three fundamental trust principles based on the systems and processes in place: Security, Availability, and Confidentiality.
What does accreditation mean for our customers?
Sara: Being verified by an independent international body further assures our customers that we are following best practices with our processes and procedures. As SOC 2 reports are unique to each organisation, it provides us with a clear view.
What key areas are a continued focus area for the n3 Hub team to ensure that we remain SOC 2 accredited?
Sophie: We must always focus on security, integrity and availability when handling our client’s data. By using independent auditors, we continue to ensure that we operate against our certified processes and policies. With a focus on continuous improvement, we rapidly identify and react to the threats to the environments in which we operate.
Want more information? The 5 Trust Principles:
- Security: The physical and logical protection of system resources against unauthorized access.
- Availability: The accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA).
- Processing integrity: Addresses whether a system achieves its purpose (i.e., delivers the right data at the right price at the right time).
- Confidentiality: Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organizations.
- Privacy: The system’s collection, use, retention, disclosure and disposal of personal information in conformity with an organization’s privacy notice, as well as with criteria set forth in the AICPA’s generally accepted privacy principles (GAPP).
For more information on SOC 2 Compliance, please visit the following websites:
https://www.compassitc.com/blog/ssae-16-soc-2-report-the-5-trust-principles
https://www.imperva.com/learn/data-security/soc-2-compliance/
https://www.threatstack.com/blog/not-soc-2-compliant-4-reasons-your-customers-wont-work-with-you