Security Commitment

System Surveyor is both SOC 2 Type 1 and SOC 2 Type 2 compliant.  We are committed to protecting our customer’s data and our SOC 2 certification helps demonstrate this.  SOC 2 certification takes five trust principles into account: security, availability, confidentiality, privacy, and processing integrity.  

• Security – This is the foundational requirement in a SOC 2 assessment. It focuses on the protection of data and systems, taking into account firewalls, two-factor authentication and intrusion detection.  
• Availability – Availability addresses network performance, downtime, and disaster recovery plans. Availability is also addressed in a company’s Service Level Agreement. 
• Confidentiality – Confidentiality is the handling and protection of confidential data and information. The data must be encrypted, and access is restricted to a select group. 
• Privacy – Privacy measures the company’s collection, usage and disclosure of personal information, and is done in accordance with the company’s privacy notice. 
• Processing Integrity – Processing integrity addresses processing errors and the length of time it takes to fix them as well as storage and maintenance of data. 

What’s the difference between SOC 2 Type 1 and Type 2 certifications? 

SOC 2 Type 1 and SOC 2 Type 2 differ in the assessment and monitoring period of the internal controls. SOC 2 Type 1 evaluates the design of the security controls at a point in time, whereas SOC 2 Type 2 reviews the design and operating effectiveness of the controls over a period of 3-12 months. 

Need more information? Please get in touch.