Security is a key pillar for Infernotions. It is paramount for us to safeguard our clients’ data. As a cloud based services organization the challenge is not only to secure data at rest, but also when data are in transit and accessed via our cloud analytics applications. Since 2009 we have invested heavily in building up our security controls. We realize that risk can never be annulled. We have to continually work away at testing the controls, identifying threats and vulnerabilities, and taking corrective actions as needed.
This year we engaged in a 3rd party assessment of our security and data protection practices. The audit was conducted over April 1, 2013 and September 30, 2013 byTrustnet Assurance Services LLC. We opted for a SOC 2 Type II audit.
Unlike the SOC 1, SSAE16 audit where the user gets to define their own controls, the SOC 2 audit uses a standard set of controls that are exhaustive and consistent across the industry. In layperson terms, while the SOC 1 audit can be different from company to company depending on the controls that are tested, the SOC 2 audit has standard controls on security, availability, processing integrity and confidentiality. This audit has helped verify the robustness of our security processes and technologies.
While we are committed to delivering value to our clients via our analytical services and solutions, it is just as important to excel at the foundational level where they do not have visibility. These controls are not an afterthought. I visualize this as rebar – for reinforcing our company foundation – protecting us against catastrophic failures or events. On that note, a hat tip to the Infernotions’ IT leadership – Philip and Leszek – for their hard work in building up our risk management processes. Thank you.