Companies often rely on a service organization’s SOC-2 report as a security compliance requirement. SOC, or “Service and Organization Controls,” is a set of standards outlined by the American Institute of Certified Public Accountants (AICPA) that measure how a service organization handles the data of its users. A SOC-2 report provides detailed information and assurances about a service organization’s controls relevant to the systems the service organization uses to process customer data. A service organization like Giant Oak may earn a SOC-2 report after a third-party review of the security and availability of those systems. A SOC-2 report both describes the systems Giant Oak uses to process data, along with the suitability of its internal controls, and illustrates how effectively those controls and processes operate over a longer period of time (usually between six and twelve months).
Earning a SOC-2 report means that Giant Oak’s customers can be assured that their customer data and personal information are secured; that they have easy access to their data within their platform; and that Giant Oak can sufficiently prevent unauthorized access to customer data and information.
Giant Oak’s SOC-2 report includes details of the precise software infrastructure and processes we use to achieve data security and availability. Included in the report are: system monitoring and ongoing risk assessments; internal access control to production environments; disaster recovery, data backup, and incident response processes; communication of changes to customers; and employee onboarding and termination processes.