BackBox Achieves SOC 2 Type 2 Compliance

Richard Phillips

Blue White Modern Business Technology Twitter Post-3

Organizations are increasingly concerned about the security, privacy, availability, and integrity of shared data. The BackBox cyber resilience platform prioritizes privacy and security to maintain data confidentiality and integrity.

This commitment is demonstrated by our achievement of SOC 2 Type 2 attestation, which offers independent validation that our security controls and operational processes adhere to high standards of excellence.

What is SOC 2?

Created by the American Institute of Certified Public Accountants (AICPA), a SOC 2 Report verifies the outcomes of a thorough audit that emphasizes the controls at the system level responsible for processing data.

SOC 2 reports cover the design and documentation of controls and provide evidence of how the organization operated the documented controls over an extended period for a given point in time.

There are two different types of SOC 2 reports.

A SOC 2 Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles. 
A SOC 2 Type 2 report details the operational effectiveness of those systems and includes a historical element that shows how a business managed controls over time.

What it Means to Meet SOC 2 Compliance Requirements

SOC 2 is neither a standard nor a requirement. For example, security standards like SOX, PDI DSS, or GDPR have specific requirements, while the policies, procedures, and technical controls of SOC 2 are distinct to each organization.

To achieve SOC Compliance, your organization must pass a technical audit conducted by a third party. This audit will validate whether your organization has created, documented, and followed various policies and procedures.

How does SOC 2 Compliance benefit BackBox customers and partners?

BackBox is dedicated to building trust with our customers and partners by providing innovative technology and valuable insights in a thoughtful, ethical, and secure manner. We consistently and rigorously test our infrastructure and applications to identify and address vulnerabilities. Additionally, we collaborate with industry security teams and third-party specialists to protect our users and their data.