As shared in our press release, we're excited to announce that Ordr has successfully achieved SOC 2 Type 2 Compliance.
This is a milestone for Ordr, as we've been investing heavily in our security programs and operations since our inception. It also takes a tremendous amount of discipline to get to SOC 2. This SOC 2 certification announcement is a testament to the rigor and diligence in the way we build our product, run our cloud and data center operations, protect our IT assets, and secure our customer instances on a daily basis.
It gives our customers confidence that we have the proper controls in place to protect their data, and is another example of how Ordr is leading the connected device security market.
Why is SOC 2 Important?
With cyberattacks hitting the headlines almost every single day, protecting your data is critical. This includes not only the data that stays within the confines of your technical infrastructure but also data that is “managed” by security vendors.
SOC 2 certification provides attestation that Ordr is meeting the rigorous standards for data protection and security.
What is a SOC 2 assessment?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data in accordance with five key service principles: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 assessments can be carried out in one of two ways:
- A SOC 2 Type I assessment attests to the design and implementation of controls at a single point in time.
- A SOC 2 Type II assessment attests to the design, implementation, and operating effectiveness of controls over a period of time, usually between 3 and 12 months.
In our case, Ordr was certified for SOC 2 Type 2. As part of our SOC 2 Type 2 audit, the assessor validated that our controls were not only designed and implemented, but that they also operated effectively and as intended over the defined period.
While the SOC 2 Type II assessment takes longer to complete, it demonstrates our commitment to robust information security and the implementation of controls, systems, and processes to protect sensitive customer data for some time now.
What criteria did Ordr meet in our SOC 2 assessment?
To complete the audit, Ordr engaged an independent third-party auditing firm, which performed an extensive audit and examination of Ordr Systems Control Engine systems, tools, processes and operations in the following areas:
- Systems, information, network, and infrastructure security;
- Secure software development methodologies;
- Information security policies and procedures;
- Risk mitigation and incident response;
- Logical and physical access controls;
- Employee engagement and training;
- Cloud and data center operations;
- Vendor management; and,
- Customer support.