In partnership with one of the most well-respected independent auditors, Schellman & Company, ThreatConnect has achieved SOC 2 Type 2 compliance for our Dedicated Cloud and Risk Quantifier products for the second year in a row. Over the last few years, ThreatConnect has demonstrated our commitment to protecting our customers’ data by aligning our security program to the American Institute of Certified Public Accountants’ (AICPA) rigorous Trust Services Criteria framework. This successful compliance outcome required months of inter-departmental cooperation and virtual coordination.
As a leading threat intelligence operations and risk quantification SaaS provider, ThreatConnect’s SOC 2 Type 2 report gives our customers a greater understanding of our security controls. The unqualified opinion from the auditors means that ThreatConnect architected and enforced controls effectively for the entire twelve-month audit period.
What Is A SOC 2 Type 2 Report?
Successful completion of a SOC 2 Type 2 audit proves that an organization not only has the necessary controls in place but that an independent auditor has confirmed that those controls operated effectively over the audit period. This is more rigorous than a SOC 2 Type 1 report, which only measures control effectiveness at a point in time.
All companies are required to have their security controls tested for a SOC 2 Type 2 audit. The security controls cover access control, unauthorized disclosure, and other controls that would affect an organization’s ability to achieve availability, confidentiality, and integrity objectives. ThreatConnect completed an additional two tests to certify our availability and confidentiality controls. These additional tests are optional but a great way to show our comprehensive security posture.
What Does This Mean For Our Future and Current Customers?
With the proliferation of cybersecurity incidents and data breaches, more companies are requiring their third-party partners to have a SOC 2 Type 2 report. By investing time and resources into a SOC 2 audit, ThreatConnect is renewing our commitment to exceeding industry best practices. Our customers and partners, current and future, can be confident that we take our security seriously. ThreatConnect continues to strive to exceed standards by remaining SOC 2 Type 2 qualified and ISO 27001 certified.
About the Authors:
Kevin Chalkley, Senior Information Security Compliance Analyst at ThreatConnect, has worked in information security for marketing agencies, health insurance companies, and healthcare providers before coming to ThreatConnect. Kevin enjoys finding ways to make the information security compliance process easier and more streamlined for all stakeholders.
Kevin Johnson, Manager of Information Security & Compliance at ThreatConnect, has spent the last 10+ years dedicated to solving complex security problems from log analysis to compliance enforcement. Kevin has worked with companies ranging from very small businesses to large Fortune 25 companies.