Information Security is a top priority at NextPage
Information security is a hot topic of conversation in today’s world. The rise of technology and value of consumer data can lead to some interesting questions about consumer privacy and security. Here at NextPage, we are committed to providing a safe and secure environment for all of our sensitive information and have taken the necessary steps to progress from SOC 2 Type I compliance to SOC 2 Type II compliance.
What is a SOC 2 report?
Developed by the American Institute of CPAs, a System and Organization Controls (SOC) report focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. These strict information security policies and procedures ensure that a company’s information security measures are aligned with the ever-changing specifications of today’s data center requirements.
What does SOC 2 include?
The SOC 2 framework includes five key sections, forming a set of criteria called the Trust Services Principles. These include:
- The security of the service provider’s system
- The processing integrity of this system
- The availability of this system
- The privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities
- The confidentiality of the information that the service provider’s system processes or maintains for user entities
Type I vs Type II
- Type I reports concern policies and procedures that were established at a specific moment in time
- Type II reports concern policies and procedures over a specified time period. The security systems and procedures must be evaluated for a minimum of six months.
What does this certification mean for NextPage and our clients?
SOC 2 Type II compliance certifies that NextPage has the best policies and procedures in place to ensure the security of all sensitive information. This analysis provides our clients peace of mind knowing their information is safe and rigorously protected.