Last year (2023) we completed our Type 1 SOC 2 audit. As a part of an ongoing effort to maintain the highest standards of data security for our clients, we have now successfully completed our Type 2 SOC 2 audit.
The Difference Between Type 1 SOC 2 and Type 2 SOC 2
Let us provide a quick refresher on what the broader term ‘SOC 2’ entails, and then go over the difference between its two variations – Type 1 and Type 2.
SOC 2
SOC 2 audit assessments are conducted by A-LIGN (learn more about this organization below).
A SOC 2 audit focuses on the risks associated with the handling and access of data.
This audit pays special consideration to how an organization implements and manages controls to mitigate the identified risks.
The SOC 2 audit testing framework is built around the Trust Services Criteria (TSC).
To successfully pass a SOC 2 examination and receive a letter of attestation, an organization must demonstrate that it has addressed controls in areas such as information security, access control, vendor management, system backup, business continuity, and disaster relief.
There are two types of SOC 2 audits:
SOC 2 Type 1
Type 1 has more of a design emphasis. The assessment evaluates whether the controls and processes that a company currently has in place to protect its clients’ data are sufficiently designed.
Compared with Type 2, the assessment is conducted in a short timeframe (a matter of weeks).
SOC 2 Type 2
Type 2 is more comprehensive, with increased and stricter requirements. Unlike Type 1, it assesses the controls and processes in place to protect client data over an extended period of time.
The evaluated period is usually anywhere from 3 to 12 months.
Although Type 1 attestation is a very positive achievement, Type 2 is more comprehensive, and proves the effectiveness of the controls in place through a time-based assessment.
This makes it a much stronger benchmark because it examines not only whether the controls are in place, but also whether they are being followed and are effective.
Devexperts SOC 2 Type 2 attestation shows that our team is committed to achieving the highest standards of security best practice, not just by our policies, but in our practices across the organization. We take the security of our customers very seriously, but we also have to benchmark our internal efforts. We strive for excellence in everything we do, so security audits allow us to measure those efforts and their effectiveness. As SOC 2 touches on elements all across the business, it also demonstrates that Information Security is not just a consideration for the Information Security teams, but the entire Devexperts business.
— Chris Patterson, Global CISO
Cybersecurity should be at the top of the agenda for any organization dealing with client data. As a software development company in the financial industry that services clients with sensitive assets, we perhaps have an even clearer understanding of just how important it is to have adequate protocols and processes in place. We appreciate that these measures are also regarded highly by our clients, so it’s fantastic that we can demonstrate that Devexperts operates within these frameworks and guidelines.
— Michael Babushkin, Devexperts CEO
We hope the official steps we continue to take help to communicate, and provide peace of mind, that client data is protected, accessed, and handled within the necessary frameworks and standards at Devexperts.
If you have any questions or would like to learn more about our security policies and initiatives, please feel free to reach out to us here.
About A-LIGN (The Auditors for SOC 2 Assessments)
A-LIGN is a technology-enabled security and compliance partner trusted by 2,500+ global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Auditor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and PCI Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience. For more information, visit www.A-LIGN.com.