The coronavirus pandemic and the rush to remote work is casting special attention on risk assessment and mitigation processes within many businesses. We understand these concerns and want to assure our customers, partners, and end-users that we remain committed to protecting sensitive data during this time.
That’s why we’re excited to announce Oro’s successful completion of the SOC 2 Type 2 audit. This audit demonstrates Oro’s dedication to meeting the highest security requirements and maintaining customer trust.
What is SOC 2 Type 2 Audit About?
The AICPA Service Organization Control 2 (SOC2) is certification Oro successfully announced back in February that measures the security and availability and provides assurances that data is being managed in a controlled environment. As part of the SOC 2 Type 2 audit, Oro achieved compliance in the following areas:
- Security: The system is protected against unauthorized access, both physical and logical.
- Availability: The system is available for operation and use as committed or agreed.
SOC 2 Type 1 vs SOC 2 Type 2
The SOC 2 Type 1 report details the sustainability and robustness of design controls to an organization’s systems. This evaluation details the system at a specific point in time and involves an auditor reporting on the descriptions and the documentation on these controls.
Oro’s technology team chose to undertake SOC 2 Type 2 compliance, which provides a much higher degree of assurance when compared to SOC 2 Type 1. Unlike SOC 2 Type 1’s spot evaluation, SOC Type 2 requires passing an extensive evaluation of internal controls policies over a 6 to 12 month period.
The SOC 2 Type 2 audit is performed by an independent auditor and demonstrates Oro’s trustworthiness, reliability, and security as a service provider. It is just another step in our commitment to maintaining customer and stakeholder trust in Oro products.
Information Security During Coronavirus
The pandemic has forced many organizations to enact physical distancing at workplaces or switch to working remotely entirely. These situations are opportunities for individuals with malicious intent who look for vulnerabilities that organizations may overlook.
As companies remain in the processes of changing their workplace activities and adapt to a new way of working, they need reassurance. We at Oro understand the increased risks during these times and remain at the forefront of ever-changing IT compliance and security standards. We will continue to closely monitor and mitigate any security risks in the form of internal controls, and evaluate these controls to protect sensitive customer data.
The SOC 2 Type 2 report verifies that Oro is constantly improving to remain on the cutting edge of safeguards, procedures, and policies when it comes to your data. With our information security program, we aim to build on customer confidence in Oro’s data protection, security, and compliance.