Canadian managed service provider Pathway Communications has recently completed the requirements for Service Organizational Control (SOC) 2 compliance.
SOC 2 certification is designed for a technology and cloud computing organizations. It provides the assurance that a service provider delivers secure, reliable and effective systems for information storage, communications and access. Pathway Communications is an Internet service provider but is also very active in the data center and cloud services market.
“The addition of SOC 2 to our existing portfolio, which already includes ISO 9001-2008 and Tier III certifications, underscores Pathway Communications’ commitment to providing its customers, business partners and suppliers with the confidence that their sensitive data will be guarded with the utmost integrity,” said Ashok Kalle, CEO of the company. “This certification makes Pathway Communications one of only a few companies in North America that are able to offer this advanced level of security.”
SOC 2 compliance uses the five trust service principles (TSP) as a general framework for conducting transactions.
The 5 TSP are:
- Security – Requires that a system is protected both logically and physically against unauthorized access
- Availability – The system must be available for operation and use as committed or as agreed upon
- Process integrity – System processing must be complete, time and authorized
- Confidentiality – Information designated as “confidential” must be protected as committed or agreed upon
- Privacy – Personal information must be collected, used, retained and disclosed in conformity with commitments in the service provider’s privacy notice and with privacy principles developed by the American Institute of Public Accountants and the Canadian Institute of Chartered Accountants.
SOC 2 allows for reporting on any number of the TSP, unlike SOC 3 which required all five TSPs to be included in a report.
The SOC 2 certification provides many within Pathway’s client base – including those in the financial, health services, mining, IT and logistics – the necessary security assurance levels required to successfully run their businesses.
Many companies including those within these vertical areas require 24-hour operations and increased security compliance surrounding customer data.
Pathway’s SOC 2 Type 2 report is available to clients for use in their compliance plans and policies.