MINNEAPOLIS, MN – April 27, 2017 – Avtex, a provider of integrated interaction solutions, announced today the successful completion of the Type II SOC 2 compliance process.
This certification comes on the heels of the organizations achievement of Type I SOC 2 in April of 2016.
“The addition of Type II certification demonstrates our ongoing commitment to mitigating potential risks associated with Security and Availability,” said Eric Van Heel, Vice President, Cloud Solutions Support. “SOC 2 also demonstrates to our customers that we have taken real steps to insure we follow industry best-practices to safeguard their systems and data.”
According to the American Institute of CPAs (AICPA), Type I reports concern policies and procedures that were placed in operation at a specific moment in time. Type II reports concern policies and procedures over the period of a year. This generally makes SOC 2 Type II reports more comprehensive and useful than Type I reports when considering a possible service provider’s credentials.
Avtex obtained Type II SOC 2 compliance in two available trust services principles, including:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
The compliance process involved several steps, including:
- Policy creation: The organization created more than 30 internal policies designed to protect customer data and ensure availability of services. Staff members from multiple departments, including the leadership team, took part in the creation and implementation of these processes.
- Training: All Avtex employees are required to understand new policies and acknowledge their commitment to follow them. This includes a requirement that all staff members undergo security and process training on a regular basis.
- Monitoring: Internal monitoring of processes and technologies is a requirement of SOC 2 compliance. Avtex conducts routine monitoring of key systems, including Anti-virus software, disc encryption, processes and more to identify and correct potential issues.
- Auditing: The organization was audited over the period of one year. that we followed our processes and procedures that relate to the security and availability trust services principles. The audit including an on-site review, during which time auditors from Linford & CO, LLP reviewed, documented, validated and insured that the organization’s processes and procedures were sound, effective and that were followed appropriately over the past year. External auditing is an annual requirement to maintain compliance.
“The effort and time invested into obtaining Type II SOC 2 compliance is significant,” said George Demou, President and CEO of Avtex. “I’m extremely proud of our team and the commitment to security and availability demonstrated daily. The addition of Type II SOC 2 compliance demonstrates to our customers that their information is secure and services will be available whenever needed. This is a major strategic differentiator within the Customer Experience consulting market.”