Less than a week after achieving HIPAA Compliance, Shipyard completed its System and Organization Controls (SOC) 2 Type II Audit. Shipyard is officially SOC 2 Type II Compliant.
“SOC 2 Type II compliance was the next logical step for us,” said Blake Burch, CEO of Shipyard. “Our customers trust us with their data, which is perhaps their most valuable asset outside of their people. As many of our customers are in highly regulated industries such as healthcare, financial services, and education, security will remain our biggest focus.”
The SOC 2 audit is one the highest recognized standards of information security compliance in the world. The American Institute of CPAs (AICPA) created it to ensure the secure handling of client data by third-party service providers. It evaluates controls related to security, availability, processing integrity, confidentiality, and privacy. These reports provide organizations and their regulators, business partners, and suppliers, with important information about how organization’s like Shipyard manage their data.
“Essentially, SOC 2 Type II provides additional assurance to our customers that Shipyard follows robust security practices,” said Burch. “We’ll always go above and beyond in protecting our customers, their customers, and maintaining their trust. It’s one of the many reasons we’re convinced that Shipyard’s data operations platform is the best choice for security conscious organizations.”
Shipyard obtained its audited SOC 2 Report by partnering with Johanson Group. More granularly, Johanson reviewed Shipyard’s internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of the business.
“We’re happy to share our Auditor’s report with prospects and customers to prove that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria,” said Burch. “In fact, by partnering with Vanta, we can confidently say we go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance to the SOC 2 framework 24/7/354, not just during the audit window.
“SOC 2 is just one aspect of our growing security program. We’re committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs. To that end, we encourage you to visit our Trust Center to learn about all of the things Shipyard does to secure your data processes,” concluded Burch.
Curious to learn more about our security protocols and see how we can help you with data? Schedule a consultation with our data experts.
