Faced with the increase in cyber threats, organizations endure a slew of customer requests for security assurance. At Zeenea, we felt it was essential to set up security control systems to protect our clients’ sensitive data. One of the best ways to guarantee this transparency is to complete the SOC 2 Type II report, which Zeenea has now successfully achieved!
What is SOC 2 Type II?
After having completed the SOC 2 Type I report in 2020, Zeenea has now successfully completed the SOC 2 Type II report. This distinction corresponds to the highest standard of compliance and information security. The certification follows a favorable audit report from an American Institute of Certified Public Accountants (AICPA)-accredited accounting firm, which recognized our ongoing efforts to ensure compliance with the organization’s core principles. This is a rigorous, self-initiated process that aims to provide all the necessary guarantees and transparency when it comes to treating our clients’ data.
The System and Organizations Control (SOC) report demonstrates the effectiveness of information technology controls. The SOC report assures user entities that:
- Security controls required to protect customer data from known and emerging threats have been implemented;
- Alerts exist to easily detect anomalies and breaches throughout the ecosystem;
- In addition to the prevention of risky situations, rapid remediation of damage and restoration to normalcy are assured in the event of a data breach or system failure.
There are different types of SOC reports. SOC 1 compliance focuses entirely on controls that directly impact the user entity’s Internal Controls over Financial Reporting (ICFR). SOC 2 compliance provides reporting options that go beyond financial objectives. It covers controls related to the Trust Services Principles (TSP): security, availability, processing integrity, confidentiality, and privacy. Finally, SOC 3 compliance has a similar look and feel to SOC 2 reporting. However, the SOC 3 report is truncated and can be distributed without restriction. It is more of a general-purpose report.
What security guarantees does Zeenea provide in relation to SOC 2 Type II?
The SOC 2 Type I report – validated by Zeenea in 2020 – covered the suitability of the design controls and the operational effectiveness of our systems. It confirmed that our security systems and controls were working as intended, at any given time. The SOC 2 Type II report goes even further: to prove SOC 2 Type II compliance, Zeenea was subjected to a rigorous audit over a longer period of time. The auditor examined the design of internal controls and the operational effectiveness of systems over a period of several months.
SOC 2 Type II examinations
The SOC 2 Type II report focuses on the American Institute of Certified Public Accountants (AICPA) Trust Services Principles (TSP). It examined Zeenea’s internal controls and systems related to data security, availability, processing integrity, confidentiality, and privacy. The report focuses on the following areas:
- Infrastructure: The physical and hardware components (networks, facilities, and equipment) that support the computing environment and help deliver Zeenea Data Catalog services.
- Software: The software and operating programs (utilities, applications, and systems) that we use to facilitate the processing of data and systems.
- People: The teams (managers, developers, users, and operators) involved in the management, security, governance, and operations to provide services to customers.
- Data: The information (files, databases, transaction flows, and tables) that we use and process to provide our services.
- Procedures: The manual or automated procedures that bind processes and ensure the smooth delivery of services.
Customer data processing at Zeenea
The SOC 2 Type II certification ensures that Zeenea’s customer data is:
- Secure: We submit to regular application security (AppSec) and penetration test (PenTest) assessments by an independent security firm in order to bolster the security of our applications and information systems.
- Available: Our systems are constantly and easily accessible 24 hours a day, 7 days a week, to meet all customer requirements.
- Quality: We maintain the consistency, accuracy, and reliability of our customers’ data throughout its lifecycle, and we do not access or manage it. The Zeenea platform is offered to customers as a Software as a Service (SaaS).
- Confidential: We have a dedicated information security team, consisting of an information systems security manager, and a senior security specialist responsible for managing information security throughout the organization.
Finally, Zeenea customers are provided with client-configurable single sign-on (SSO) and multi-factor authentication (MFA) options.
Why did we decide to become SOC 2 Type II compliant?
More and more companies are migrating their on-premise operations to the cloud. This is because a cloud-based infrastructure improves processing efficiency while reducing costs. However, moving to the cloud sometimes means losing control over the security of data and system resources.
Entities outside of an organization are brought in to host, manipulate and maintain data on your behalf. The outsourcer may sometimes have access to your sensitive information, leaving you vulnerable to data breaches. Statistics show that 72% of large companies and 28% of small companies experience data breaches, putting your company’s reputation at risk.
With the SOC 2 Type II report, we assure our customers that our security program is properly designed and working effectively to protect their data.