NEW YORK — At K2 Integrity, we continually invest in security best practices to ensure that our clients’ data stays safe and secure. As a part of an ongoing effort, we are excited to announce that, for the third year in a row, we’ve successfully completed our SOC 2® audit.
The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. According to A-LIGN, “K2 Integrity’s SOC 2 report validates its commitment to data security and protection, as well as its compliance with critical standards to mitigate cybersecurity threats.”
What Is a SOC 2 Report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g., SaaS, colocation, data hosting). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage the identified risks effectively.
There are five TSCs. The first criterion, Security, must be included with every SOC 2 report and is referred to as the “Common Criteria.” The remaining four are optional:
- Security (required)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
In order for an organization to pass a SOC 2 examination and receive a letter of attestation, the organization must address controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.
SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures and operations have been formally reviewed. A SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. The scope of a SOC 2 examination extends beyond the systems that have a financial impact, reaching all systems and tools used in support of the organization’s system or services.
Know Your Data Is Safe and Secure with K2 Integrity
K2 Integrity will make the SOC 2 report available to current or potential customers upon execution of a nondisclosure agreement. We hope the steps we have taken help current and future clients and their IT teams remain confident in knowing that their data is secure with K2 Integrity. To learn more about our security policies and initiatives, please contact Gerald Werner at [email protected].
About K2 Integrity
K2 Integrity is the leading risk and financial crimes advisory firm helping clients understand and manage their risk so they can lead with confidence. With some of the most knowledgeable practitioners in the industry, K2 Integrity brings together deep subject-matter expertise with proprietary technology and digital offerings to help clients creatively solve today’s issues while also planning for the future. With offices in New York, Washington, D.C., London, Chicago, Geneva, Los Angeles, and Abu Dhabi and more than 400 employees globally, K2 Integrity has deep knowledge and experience working in every region and numerous jurisdictions around the world. To learn more about how K2 Integrity is revolutionizing the management of risk, visit www.k2integrity.com, or follow us on Twitter or LinkedIn.
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience.