We're Thrilled to Announce OnRamp is (Once Again) SOC II and HIPAA Compliant


When it comes to managing your company’s data, security and privacy are high on your list of priorities.

Today, we're thrilled to share that OnRamp has once again completed our SOC 2 Type II certification, an industry-leading standard for security, availability, and confidentiality that our organization has adopted.

At OnRamp, keeping customer and stakeholder data secure is our top priority. To ensure that our systems and controls have been designed appropriately to achieve that goal, we sought out third-party attestation from a qualified auditing firm. Our SOC 2 report is the result of their examination.

In addition, we continue to be HIPAA, CCPA, and GDPR compliant.

What is a SOC 2 Report?

Obtaining a System and Organization Controls (SOC) 2 report is one way for a service organization to attest to the security of its digital environment. 

Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting CPA’s report functions as a tool to help an organization communicate whether the internal controls they’ve put in place governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.

In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.

What does a SOC 2 report cover?

All SOC 2 examinations are performed by accredited CPA firms under the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls outlined by the organization, then maps those controls to one or a combination of the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).

In our case, those criteria include:

  • Security: The system is protected against unauthorized access (both physical and logical).
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

What does this mean for you?


Our SOC 2 designation means that OnRamp has designed a set of internal controls, systems, policies, and procedures that meet industry best practices for protecting your data, measured over time. This certification also verifies that our service meets the highest availability standards, reinforcing our commitment to providing a high-quality solution to our customers.

As you work with your customers and facilitate the transfer of critical data and information through OnRamp, we know how important it is that you feel safe with how OnRamp is handling that data. Additionally, for those of you who work with sensitive PII and patient data, you can be assured that OnRamp has tight controls that meet the strictest standards.

Many of our customers have adopted SOC 2 as a standard for their own security and compliance, and many of the best security teams consider SOC 2 to be a preferred or often required certification for software vendors. We are thrilled to reach this milestone and increase confidence in our security as a result of completing this audit.  

If you want to learn more about what SOC 2 certification means for you, check out this comprehensive list from InfoSecurity Magazine.
