Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an information security standard whose report validates controls relevant to security, availability, integrity, confidentiality, and privacy:
- Security: SOC 2 evaluates the security of an organization's systems and data. This includes assessing the measures in place to protect against unauthorized access, data breaches, and other security threats. Security controls encompass both physical and logical aspects, such as secure data centers, access controls, encryption, and intrusion detection systems.
- Availability: Availability focuses on the reliability and accessibility of an organization's systems and data. SOC 2 assesses an organization's ability to provide uninterrupted services, minimize downtime, and ensure that critical systems are available when needed. This may involve redundancy, disaster recovery planning, and high-availability architecture.
- Integrity: Integrity refers to the accuracy and completeness of an organization's data. SOC 2 evaluates the controls in place to prevent unauthorized data alterations, tampering, or corruption. Data integrity is vital to maintain trust in an organization's records and processes.
- Confidentiality: Confidentiality revolves around protecting sensitive information from being disclosed to unauthorized individuals or entities. SOC 2 assesses how an organization safeguards confidential data and information, including customer records, financial data, and intellectual property. It involves encryption, access controls, and data classification.
- Privacy: Privacy is about handling personal information in compliance with relevant privacy regulations. SOC 2 examines an organization's practices for collecting, processing, and storing personal data, and for ensuring this is done in a lawful and secure manner. This is particularly important in light of data protection regulations like GDPR and CCPA.
SOC 2 reports, particularly Type II reports, provide independent assurance to stakeholders that an organization has implemented effective controls in these areas.
The audit was completed with the help of Johanson Group LLP, a premier certification body helping organizations obtain and maintain global compliance standards. Johanson Group attested to Escape’s information security controls meeting the leading industry standards for cybersecurity. Johanson Group specializes in SOC 2 audits and provides audit and professional services to public and private companies, large and small, in a variety of industries.
At its core, Escape is committed to providing identity management and mission-critical data to industries such as health care, financial services, and education. Data integrity and security are a fundamental part of how Escape manages user identity. SOC 2 Type II is just one aspect of our growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.
Our SOC 2 Type II report is restricted for limited distribution and is only shared under the protection of a non-disclosure agreement (NDA). For all inquiries, please contact us at firstname.lastname@example.org.