For 18 years, Insignia Environmental has built its brand on trust. We believe customers should be able to trust us with their data. In consultation with our clients and in order to provide an extra level of security, Insignia is excited to announce that we have initiated the System and Organization Controls (SOC) compliance process.
While attaining SOC 2® compliance is not typical for a service-driven consulting firm like Insignia, we have undertaken this technical audit to provide our clients with an additional layer of confidence in our ability to keep their data secure.
“Trust is an integral part of the Insignia spirit,” said Robert Curley, Insignia’s Chief Technical Officer. “We want to earn the trust of our clients and partners by sharing the results of this process with them.”
WHAT IS SOC COMPLIANCE?
In 2017, SOC was developed by the American Institute of Certified Public Accountants (AICPA) for service providers that store customer data in the cloud. The term SOC refers to the suite of services that relate to the system controls of a service organization or system- or entity-level controls of other organizations.
There are several levels of SOC compliance; SOC 2 represents the highest degree of excellence in systems and operations control. It focuses on compliance with critical security policies and procedures. It emphasizes monitoring, alerting procedures, detailed audit trails, and actionable forensics. It requires companies to establish and follow strict information security policies and procedures.
HOW DOES THE CERTIFICATION PROCESS WORK?
In late 2021, Insignia teamed with Drata to facilitate a review of our existing standards and policies and enhance these standards and policies to address all applicable SOC controls.
“Though Insignia already employed enterprise-grade best practices, our collaboration with Drata throughout the SOC 2 process has allowed us to achieve a greater level of confidence in our ability to safeguard our clients’ data,” Curley said.
After using the Drata platform to automatically monitor and track our compliance with these enhanced policies and procedures, we will invite a third-party auditor to objectively assess our security standards and verify that we are operating in accordance with our policies. Upon approval, the auditor will write a report attesting to the fact that Insignia adheres to these best practices. We hope to achieve full compliance by the fall of 2022.
GOING FORWARD
Receiving SOC 2 certification is just the beginning of Insignia’s commitment to security. While other certifications simply require a clean inspection, SOC 2 requires continual internal evaluations and annual audits to maintain our compliance and build trust with our clients and partners.
If you have any questions about Insignia’s certification, please contact Insignia Chief Technical Officer Robert Curley at rcurley@insigniaenv.com.