FormAssembly, a leading enterprise data collection platform, today announced that the company has achieved System and Organization Control (SOC) 2 Type II compliance. Achieving this standard through an in-depth independent audit serves as third-party industry validation and demonstrates FormAssembly’s ability not only to implement enterprise-level security for customers’ data but also to prove compliance over an extended period of time.
This independent audit, conducted by A-LIGN, validates that FormAssembly’s security practices and controls meet the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and Criteria for System and Organization Control.
What is a SOC 2 Type II Audit?
SOC 2 Type II is an auditing procedure that ensures service providers meet a standard degree of security control in areas including organization and management, communications, risk management, and monitoring of controls.
SOC 2 is based on the criteria of Observability, Procedures, Communication, and Policies, and has specific Trust Service Principles based on the five trust principles developed and maintained by the American Institute of Certified Public Accountants (AICPA):
- Security – The system is protected against unauthorized access, both physical and logical.
- Availability – The system is available for operation and use as committed or agreed.
- Processing integrity – System processing is complete, accurate, timely, and authorized.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Privacy – Personal information is collected, used, retained, disclosed, and disposed of according to set guidelines.
SOC Report types: Type I vs. Type II
- SOC 2 Type I – issued to organizations whose controls have been audited and found to be suitably designed and implemented.
- SOC 2 Type II – more rigorous, and issued only to organizations that have successfully passed an audit of their controls for handling sensitive and confidential information over a specified period of time.
Why does it matter?
Our SOC 2 Type II compliance demonstrates our commitment to protecting the sensitive data of our customers in regulated industries and their end users by adhering to one of the most stringent compliance frameworks worldwide. FormAssembly users can rest assured knowing that data security and privacy are top priorities for our company, and we will continue to maintain this mindset now and in the future.
Our commitment to data stewardship
At FormAssembly, we have achieved several certifications that demonstrate our commitment to being good stewards of the data in our care. Along with completing the SOC 2 Type II Audit, we are ISO 27001:2013 certified, PCI DSS level 1 certified, and FedRAMP Ready. Our policies, procedures, and standards also reference best practices of FFIEC, GLBA, HIPAA, NIST, NYDFS, and the Privacy Act 1988. Together, these certifications and standards show our company has the protocols and controls in place to minimize risks involving the data our customers entrust to us.
Interested in learning more about data stewardship? Join FormAssembly CEO Cedric Savarese at 2 p.m. on Monday, October 17, 2022, for our webinar, “Why It’s Time to Evolve from Data Ownership to Data Stewardship: A Conversation with FormAssembly’s CEO.”