Security: A Core Tenet
Security is one of the core pillars of Ferroque Systems’ operations and services. Since our inception, the implementation of security controls, data and systems handling policies, and a myriad of security tools and hardware has been front and centre for both the welfare of our organization and of our customers.
Over the past several years, we have continued to invest in our Governance, Risk, and Compliance (GRC) and security programs.
SOC 2 Compliance & Certification
Mature service organizations routinely audit their corporate governance, security posture, and related controls and provide evidence of their adherence over a period of time to validate their effectiveness. They are intended to prove the provider has and continues to take steps to implement and maintain property security measures and standards as set out by the American Institute of Certified Public Accountants (AICPA). These external audits and reports are conducted in accordance with AICPA SSAE18 by an accredited CPA. SOC 2 reports come in two forms:
- Type I: Describes the organization’s system and outlines the service provider’s controls, processes, policies, and procedures pertaining to five criteria areas: security, availability, processing integrity, confidentiality, and privacy. The report also requires point-in-time audit evidence for the related in-scope controls that align with our operations and services.
- Type II: Includes the Type I report and builds on the report by auditing the controls over a 3-12 month period of operation. Its intent is not merely to confirm the existence of the controls, but to provide evidence the controls are operating and are being adhered to on a daily basis.
Going forward we continue to pursue SOC2 Type II reports on an annual basis in tandem with our pursuit of ISO:27001 compliance. Our SOC2 compliance is continuously monitored through SecureFrame.
Confidence. Maturity. Trust.
A service provider stating to a customer that their systems are secure without having the evidence to back it up provides little comfort to the savvy customer. By continuously investing in SOC2 compliance with certified auditors, we demonstrate (not merely say) to our customers we are a competent, capable, and security-focused organization. In addition, we demonstrate the services we provide and the manner in which the organization is run align with industry best practices.
To Your Security,
The Ferroque Systems Team