SOC 2 Compliance: Commitment to Your Safety and Security - Irth Solutions

Written by Scott Wilson | Feb 20, 2023

Security and safety are priorities at Irth. As an industry leader, we are proud to consistently deliver the most robust technology and innovative solutions to protect critical network infrastructure. This protection includes a SOC 2 Type 2 attestation report. SOC 2 is a voluntary security framework developed by the American Institute of Certified Public Accountants (AICPA) to safeguard your data from unauthorized access and other vulnerabilities.

Your data security is paramount. Every year we hear about thousands of data breaches, exposing billions of records. Experts believe these numbers will continue to increase. Without proper security, your data is at risk of being stolen, and your organization is vulnerable to attacks, malware installation, and extortion.

As your trusted partner in damage prevention, risk management, asset protection, governance, and compliance, we pursued a SOC 2 Type 2 attestation report to validate our adherence to the highest standards for security, availability, and confidentiality.

What is SOC 2 Type 2?

The American Institute of Certified Public Accountants developed SOC 2 as a compliance and auditing standard for service organizations to manage customer data and continuously monitor security controls. Based on five trust principles — security, availability, processing integrity, confidentiality, and privacy — a SOC 2 Type 2 attestation report is issued by outside auditors.

Irth uses an independent automation platform to monitor more than 100 internal security controls continuously. With this oversight, we can confidently prove our compliance with a SOC 2 Type 2 attestation report and your data’s security every single day.

What are the Trust Service Criteria (TSC) of SOC 2 Type 2?

To receive a SOC 2 Type 2 attestation report, the independent auditor assesses Irth on three Trust Service Criteria.   

  • Security: Are the access controls, such as web application and network firewalls, intrusion detection, two-factor authentication, and other access measures sufficient to protect the system from unauthorized access? These access controls prevent intrusion and potential system abuse, theft, misuse of software, and more.
  • Availability: This principle evaluates the accessibility of the system as defined by the service-level agreements. Security-related criteria that may impact availability include security-incident handling, disaster recovery, and performance monitoring. With a guaranteed 99.95% uptime, our reliability is unmatched.
  • Confidentiality: The confidentiality trust principle examines our user control protocol and the ability to control user access for different data sets. Encryption, network and application firewalls, and other rigorous access controls are essential for this principle.

Is SOC 2 compliance required for SaaS providers?

No. A SOC 2 Type 2 attestation report is not required for SaaS service providers. Irth pursued this because we want our customers to be confident our data security initiatives will protect their data from unauthorized access.

Why is SOC 2 compliance important?

The parameters of a SOC 2 Type 2 attestation report ensure continuous security control monitoring and best practices to protect our customers’ data. The process promotes a security-first mindset in our organization and involves ongoing training in best practices for handling customer data, penetration tests, secure software development, and data encryption. Confirmed by an independent auditor, the report is an objective analysis of the ongoing security and protection of customers’ data.

Irth uses Drata’s automated platform to continuously monitor internal security controls. A SOC 2 attestation report confirms Irth’s information security practices, policies, procedures, and operations meet the rigorous SOC 2 Type 2 attestation Trust Service Criteria for security, availability, and confidentiality.

Our ongoing commitment to industry best practices is just one of the reasons 17 of the top 20 largest electric, energy, gas, telecom, and media companies depend on us to support their damage prevention efforts with our market-leading SaaS platform.