{"id":8277,"date":"2023-10-02T14:38:11","date_gmt":"2023-10-02T14:38:11","guid":{"rendered":"https:\/\/durolabs.co\/?p=8277"},"modified":"2024-09-20T17:29:57","modified_gmt":"2024-09-20T17:29:57","slug":"soc-2-compliance","status":"publish","type":"post","link":"https:\/\/durolabs.co\/blog\/soc-2-compliance\/","title":{"rendered":"Duro\u2019s Journey to SOC 2 Compliance (Type 1 & 2)"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

At Duro, we take security and compliance seriously. In the digital age, protecting sensitive data<\/a> is of utmost importance. That\u2019s where SOC 2 compliance comes in. SOC 2 is a framework that focuses on how organizations manage and process customer data. <\/p>\n

In addition to being ITAR and NIST compliant, Duro achieved its SOC 2 Type 1<\/b> certification in September 2023 and quickly followed it up with SOC 2 Type 2<\/b> in December 2023. This blog explains this compliance measure and why it\u2019s so important. We\u2019ll also outline some of the steps we\u2019ve taken to protect our customers’ data. This article was updated in 2024. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

What is SOC 2 Compliance?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

SOC 2 is a security framework<\/a>\u00a0that companies rely on to manage, process, and store customer data. It stands for Service Organization Control 2, and under the framework, companies must comply with various security, availability, confidentiality, and privacy rules. Companies that adhere to SOC 2 standards are committed to protecting customer information.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

The five SOC 2 Trust Services Criteria:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
  1. Security<\/b>: The organization\u2019s systems and data must be protected against unauthorized access, disclosure, and damage. It requires data encryption, authentication, access, monitoring, and incident response.<\/li>
  2. Availability<\/b>: Systems and services must be available for operation and use as agreed upon with customers. Adequate measures must be taken for system reliability, backup processes, and disaster recovery planning.<\/li>
  3. Processing<\/b>\u00a0Integrity<\/b>: Systems and processes must operate accurately, efficiently, and securely.\u00a0<\/li>
  4. Confidentiality<\/b>:\u00a0Data is protected\u00a0from unauthorized access or disclosure.<\/li>
  5. Privacy<\/b>: The organization must handle personal information carefully and ensure compliance with relevant privacy regulations.\u00a0<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Audits and certification <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    SOC 2 requires third-party attestation to assess one or more of the Trust Services Categories. Licensed audit firms generate these reports. There are two types of SOC 2 reports:<\/p>