{"id":81796,"date":"2020-02-18T07:03:14","date_gmt":"2020-02-18T15:03:14","guid":{"rendered":"https:\/\/oroinc.com\/b2b-ecommerce\/?p=81796"},"modified":"2023-07-07T00:40:25","modified_gmt":"2023-07-07T07:40:25","slug":"orocommerce-security-announcing-soc-2-certification","status":"publish","type":"post","link":"https:\/\/oroinc.com\/b2b-ecommerce\/blog\/orocommerce-security-announcing-soc-2-certification\/","title":{"rendered":"OroCommerce Security: Announcing SOC 2 Certification"},"content":{"rendered":"

Every customer\u2019s data is important to us. We know the data you entrust us with is sensitive, so we want you to know it\u2019s in safe hands. <\/span>That\u2019s why we are happy to announce that Oro\u2019s SOC 2 certification has been finalized and is available upon request.<\/span><\/p>\n

Oro has fulfilled <\/span>Security<\/b> and <\/span>Availability<\/b> requirements for Trust Service Criteria (TSC) as part of its SOC 2 certification. Note that many SaaS vendors only focus on one area of systems and procedures in their organization (Security), since meeting additional criteria is optional.\u00a0<\/span><\/p>\n

For Oro, the <\/span>Availability <\/b>criteria demonstrate our commitment to ensuring the availability of our systems and communicating that to our clients. The Availability part of the report discusses the accessibility of our applications, our network performance monitoring, and other security-related criteria that may affect availability.\u00a0<\/span><\/p>\n

In this post, we\u2019ll take the opportunity to tell you about SOC 2, what it does, what this compliance requirement means to technology companies such as Oro, and what it means for our customers.<\/span><\/p>\n

\"Oro<\/p>\n

What is SOC 2 compliance and why it is important<\/span><\/h2>\n

Service Organization Controls (SOC 2) is a reporting mechanism developed by the American Institute of Certified Public Accountants (<\/span>AICPA<\/span><\/a>) specifically designed for service providers that store customer data in the cloud. This is a third-party assessment that covers the design of an organization\u2019s controls relevant to its security, confidentiality and availability.<\/span><\/p>\n

The SOC 2 report gives our partners, customers, and end-users the utmost confidence in Oro and its suite of products. This important milestone shows our commitment to giving customers all the necessary assurances that our system controls are up-to-date.<\/span><\/p>\n

What SOC 2 compliance means for Oro customers<\/span><\/h3>\n

Some customers require a high-level external validation to properly assess the level of trust and security offered by a service organization. SOC 2 demonstrates that the necessary security controls are in place at Oro for the safe and reliable handling of sensitive data.<\/span><\/p>\n

It\u2019s important that our existing customers understand that they can trust that we have taken all the necessary measures to protect their data. The SOC 2 certification is further proof of our commitment to constantly improve on the security, scalability, and seamlessness of Oro applications.<\/span><\/p>\n

What was checked as part of SOC 2 compliance\u00a0<\/span><\/h3>\n

Essentially, a SOC 2 certification confirms that an entity has established the minimum level of requirements in certain areas of the organization. These range from risk assessment procedures, processes that monitor malicious activity (known or anticipated), alerts that warn of anomalies, and ways to contain, manage, and audit events in case they occur.<\/span><\/p>\n

Some of the criteria met by Oro as part of the recent SOC 2 certification include (but is not limited to):<\/span><\/p>\n

Control Environment<\/span><\/h3>\n