MGT Successfully Completes a SOC 2 Type I Assessment to Further Data Security
At MGT, we continually invest in security best practices and implement foundational technology controls to ensure that our clients’ data stays safe and secure. As a part of an ongoing effort to demonstrate the control maturity at MGT, we are excited to announce that we’ve successfully completed our SOC 2 Type 1 audit.
According to our CIO Dewand Neely, a “commitment to information security that revolves around our clients’ data safety is at the forefront of everything we do, providing peace of mind and trust for all we work with. Our SOC 2 Type 1 compliance underscores our dedication to maintaining the utmost security by designing and implementing a robust control environment. MGT is committed to extending our compliance journey by eventually achieving SOC 2 Type II and further aligning with the NIST Cybersecurity Framework (CSF).”
What is a SOC 2 report and what does it mean for MGT? In this article, we will walk you through the ins and outs of a SOC 2 report and how the report symbolizes trust to clients.
What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by organizations of any size and type (e.g., SaaS, colocation, data hosting). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses on how an organization implements and manages controls to mitigate the identified risks to the different parts of the organization.
The SOC 2 audit testing framework is based on the AICPA’s Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects as in scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.
There are five Trust Services Criteria. The first criterion, Security, was included in MGT’s SOC 2 report and is referred to as the “Common Criteria”. The remaining four are optional to include:
- Security (currently included)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
Successfully completing a SOC 2 external audit examination and receiving a favorable letter of attestation means an organization is effectively addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief.
Who should get a SOC 2 Examination?
Organizations of all sizes and industries can benefit from a SOC 2 Examination, as the audit can be performed for any organization that provides a variety of services to its customers. A SOC 2 report that is issued by an independent audit firm highlights the controls in place that protect and secure an organization’s system or services used by its customers. The scope of a SOC 2 Examination extends beyond the systems that have a financial impact, reaching all systems and tools used in support of the organization’s system or services.
How do our clients benefit from MGT’s SOC 2 Compliance?
MGT provides complex business and IT Security consulting services to both private and public entities. Clients typically integrate MGT services as part of their business operations and services. As with any vendor operation, there is potential exposure of client data to the vendor’s resources and environment. For this reason, organizations request that their vendors achieve SOC 2 compliance as a way of demonstrating rigorous IT security standards.
Some additional reasons that our clients rely on MGT’s SOC 2 report include:
- Clients and prospects will most likely request a SOC 2 sooner or later.
- SOC 2 can bring a competitive advantage to MGT’s business.
- SOC 2 is a reflection of MGT’s enhanced information security practice.
- SOC 2 helps MGT customers and prospective clients gain trust, and it enhances our credibility.
- SOC 2 compliance establishes control discipline and helps employees understand best practices.
Know your data is safe and secure with MGT
We will make the SOC 2 report available to current or potential customers upon execution of a non-disclosure agreement. We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with us.
To learn more about our security policies and initiatives, please contact us: www.mgtconsulting.com/contact
MGT provides integrated technology, education, and performance solutions for the SLED market throughout the U.S. to increase resiliency, defense, and response to cyberattacks. To learn more about protecting your city or county’s IT infrastructure, network, and cybersecurity with MGT’s Security Assessment and Managed Detection and Response (MDR) Services, please visit: https://www.mgtconsulting.com/capabilities/technology/
- AICPA Trust Services Criteria: https://us.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria-2020.pdf
- A-Lign Assurance: https://www.a-lign.com