Category Archives: Service Organization Control

Risk or Reward? The importance of SOC 2

By: Josh Markarian on August 9, 2017

As legal technology advances in areas such as cloud technology and software-as-a-service, clients are facing increased pressure to make sure their data is safe. Many companies turn to third-party vendors to outsource services such as preserving and collecting ESI.

Unfortunately, third-party vendors have recently been the source of some ugly data breach scenarios, which can cause serious damage to both the client and the vendor. Not only will your reputation suffer, but you may encounter lawsuits and large fines.

Service Organization Control “SOC” Reports

To understand the implications of SOC reports, it helps to understand the different types of SOC reports:

SOC 1

Type 1: focuses on a description of a service organization’s system and on the suitability of the design of its controls.
Type 2: contains the same opinions as a Type 1 report with the addition of an opinion on the operating effectiveness of the controls.

SOC 2

Focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

Type 1: focuses on the suitability of the design of a service provider’s controls over data.
Type 2: centers on the operating effectiveness of these controls.

SOC 3

A summary of a SOC 2 audit, normally used for marketing purposes. This report contains fewer details.

Why do you need a SOC 2 verified vendor?

The SOC 2 audit provides additional assurance regarding vendor controls that relate to operations and compliance relevant to one or more of the following five principles: security, availability, processing integrity, confidentiality and privacy. Not only will you be able to assure your clients of the safeguarding of their data, you will be able to comply with all of the data privacy and security laws.

TERIS | SOC 2 compliant with the highest level of security

Every employee HIPAA certified
Fingerprint reader for building entry
24/7 security surveillance cameras
Data stored in server room with a bank vault

Everything You Need To Know About The Arkfeld Conference 2016

One of the most important digital conferences in Arizona will be starting shortly. The ASU-Arkfeld eDiscovery and Digital Evidence Conference will take place in Armstrong Hall on March 9-11, 2016, making it the fifth to date. The three exciting days on the ASU campus in Tempe will include stimulating information about the newest issues affecting electronic information, information governance and data analytics.

So what is The Arkfeld Conference? If you haven’t been following the latest news, The Arkfeld Conference is an annual conference taking place at the Sandra Day O’Connor College of Law. It is a program run by attorney, author and educator Michael Arkfeld, who believes that digital advances are very important to law professionals. William Kellerman describes Arkfeld as the “intersection of law and technology”, with the aim of ensuring effective education and competency among legal professionals.

Last year’s conference attracted over 150 professionals, including attorneys, service providers and counsel. The theme of “Know the Law, Know the Technology” covered a variety of eDiscovery issues and allowed for a wide array of ideas and valuable networking opportunities for those attending.

At the fifth annual conference, Arkfeld has undertaken the theme, “Respect the Past. Understand the Present. Shape the Future.” It will be intriguing to see exactly what technological advances will take place in order to shape the future. Some of the highlights advertised by Arkfeld include mock demonstrations on eDiscovery, as well as insights from some of this year’s featured speakers.

This is where we will be hearing from some interesting voices, including U.S. District Judges Shira Scheindlin of New York, Craig B. Shaffer of Colorado, and Xavier Rodriguez of Texas. Furthermore, we’ll be hearing insights from technologist Steve Watson from Intel Corporation and the Associate Dean of WP Carey School of Business at ASU, Michael Goul. TERIS continues to be a longtime sponsor of the Arkfeld Conference.

To register:

https://conferences.asucollegeoflaw.com/ediscovery2016/register/

What Legal Professionals Need to Know About the Importance of SOC 2 Compliance – Part 2

May 27 & 29

Many are confused about the difference between SOC 1 and SOC 2 compliance. SOC 1 focuses on the security of financials, allowing a vendor to create a set of criteria regarding compliance and then pass an audit that shows that they met the criteria. SOC 2 is a newer audit and is far more comprehensive, requiring that the audit be conducted by an independent third party and that information security controls be in place to protect data.

Why is SOC 2 Compliance Important to Security?

SOC 2 exists to address general IT controls so that clients have an expectation that their data is maintained responsibly in terms of initiation, processing and the reporting of transactions in a secure manner. Without some type of framework, and because SOC 1 compliance permitted self-policing by providers, there was previously no method of control to ensure that data was secure.

TERIS continues to achieve SOC 2 certification as part of its on-going commitment to help mitigate risks and ensure that client data is highly secure. TERIS policies, procedures and infrastructure for data protection, security and confidentiality met or exceeded SOC 2’s criteria.

If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!


What Legal Professionals Need to Know About the Importance of SOC 2 Compliance – Part 1

May 27 & 29

Understanding security compliance can be especially important for legal firms that represent banks, defense contractors and other financial institutions that are regulated by the PCI Security Standards Council and the Sarbanes-Oxley Act. Data security will continue to remain a major focus for corporate IT risk management.

What is SOC 2 Compliance?

SOC 2 compliance refers to the Service Organization Control (SOC) framework, which is issued by the American Institute of Certified Public Accountants. SOC works to reshape reporting requirements for service organizations, including cloud computing. SOC 1 reports are used as part of the SSAE 16 standard for reporting on controls, while SOC 2 and SOC 3 reports focus more on technology and cloud computing using Trust Services Principles.

What Does SOC 2 Certify?

SOC 2 certifies security, access reliability, confidentiality, process integrity and privacy of information.

TERIS continues to achieve SOC 2 certification as part of its on-going commitment to help mitigate risks and ensure that client data is highly secure. TERIS policies, procedures and infrastructure for data protection, security and confidentiality met or exceeded SOC 2’s criteria.

Look for additional information in What Legal Professionals Need to Know About the Importance of SOC 2 Compliance – Part 2. If you would like more information about eDiscovery or how TERIS solutions can assist you, please contact us!
