Why SOC 2 Compliance Matters for Cloud Vendors (And Their Customers)

Companies across all industries continue to adopt the cloud. In fact, studies show from 2018 to 2019, there was a 30% jump in the total number of apps used per company year-over-year.

Despite an increase of use, there is still apprehension around data security and cloud applications: IT departments want to know that their critical business data is safe and protected.

The good news is that cloud vendors (like Backupify) go through extensive audits to ensure that its customers’ data is as secure as possible. With all these security regulations for cloud vendors, the cloud has actually become a safer place to store data than on-premise.

At Backupify, we have stringent security regulations and protections. In addition to being HIPAA compliant and using OAuth-based authentication, another major component of our security arsenal is our SOC 2 Type II compliance.

Read on to learn about what SOC 2 Type II compliance means and how it helps protect your data.

The Importance of SOC 2 Type II Compliance

Soc 2 Type II compliance is crucial for any vendor working with larger, enterprise-level companies. Conducted by an independent audit firm, the audit is a rigorous review of a company’s backup and recovery systems. The Soc 2 Type II audit includes a full assessment of a company’s infrastructure, software, people, procedures, and data. As enterprise organizations have more stringent data security standards, vendors that are Soc 2 Type II compliant have a leg up.

The Difference Between SOC 1 and SOC 2 Compliance

There is a common misconception in the industry as to the difference between these types of compliance.

• SOC 1 or SAS 70 or SSAE15 compliance is more focused on the security of the financials of a cloud vendor. Also a vendor with SOC 1 compliance under their belt simply means that the vendor created a set of criteria and then passed the audit. In other words, the vendor creates the test that it needs to pass.

• SOC 2 compliance tests if there are information security controls around the data. It’s a newer audit and is much more comprehensive compared to a SOC 1 audit. Also, a SOC 2 audit is completed by an independent third-party.