Visitor management and SOC 2 compliance: What you need to know

Let's explain exactly what SOC 2 is and how you can easily enhance workplace security through the adoption of SOC 2 compliant tools.
Oct 25, 2019

If you store customer data on the cloud, you regularly field the question, “Is my data safe?”

For SaaS providers, and IT professionals in general, the answer to that question must be, “Yes, because our systems are SOC 2 certified.”

Whether you know SOC stands for System and Organization Controls or not, software exists to support your SOC 2 compliance.

In this post, we’ll explain exactly what SOC 2 is and how you can easily enhance workplace security through the adoption of SOC 2 compliant tools.

What is SOC 2?

SOC 1 and SOC 2 are different attestations, often referred to as certifications, each with different requirements and purposes.

To protect customers who entrust organizations with their data, the American Institute of CPAs (AICPA) developed SOC 2 around five trust service principles:

  1. Security: Does your system offer protection against unauthorized access?
  2. Availability: Is the system available as agreed to with customers?
  3. Processing integrity: Is customer data and other personally identifiable information processed in an accurate and timely manner?
  4. Confidentiality: Are your commitments to customers surrounding confidentiality maintained?
  5. Privacy: Are you compliant with your privacy policy in terms of collecting, holding, disclosing, or deleting personal data?

Those principles may seem abstract, but SOC 2 compliance reporting is simplified into two types:

  • Type 1: focuses on the design of controls.
  • Type 2: covers both the design and operating effectiveness of controls.

Another difference between SOC 2 Type 1 and SOC 2 Type 2 is that Type 1 is performed at one point in time, whereas Type 2 is evaluated over a period of time for additional accuracy and comprehensiveness.

Why is SOC 2 compliance important?

Because SOC 2 Type 2 reports cover both design and operations in practice, SOC 2 Type 2 is considered the most comprehensive certification. As such, when a business needs a new IT service provider, assessing whether or not the service provider possesses SOC 2 Type 2 compliance is an excellent indicator of reliability.

Data security, along with the AICPA principles developed to build trust, is complex. SOC 2 compliance boosts confidence with your sales team’s prospects, your account managers’ customers, and the many vendors and visitors who interact with your company by adding transparency to your organization.

Streamlining SOC 2 compliance with SaaS

SaaS (software as a service) is designed to maximize productivity while minimizing errors. As SaaS product designers well know, when left to manual management, data security is rife with opportunities for human error.

Workplace security is much the same. Auditing visitors’ voluntary paper trails can be tricky. However, when your SaaS vendor is SOC 2 compliant, your prospects and clients can rest assured that their data is secure. Each human and digital interaction is automatically and securely logged, while the workplace security SaaS triggers a notification for the next responsible person.

One of the requirements of SOC 2 is vendor management. On an annual basis, SOC 2 compliant companies will conduct security evaluations of all of their vendors. This includes reviewing copies of the vendor's SOC 2 Type 2 report.

Manage visitor expectations and maintain security

For a human touch, Envoy lightens the load of visitor management with a powerful sign-in app. Backend reporting is also easier than ever before with the collection of digital legal documentation.

Workplace security and SOC 2 compliance

The answer to inquiries regarding your SOC 2 compliance should always be in the affirmative. But it can be difficult to know where to start.

At Envoy, we take SOC 2 compliance seriously. For a time, we were the only visitor management system to meet SOC 2 security standards.

Today, several competitors may have earned SOC 2 compliance, but we continue to lead in workplace security. We are compliant ourselves, and our products are geared toward ensuring your SOC 2 Type 1 and Type 2 compliance.

SOC 2 compliance isn’t to be taken lightly, but it doesn’t make for light reading either. If you have questions, please contact us at security@envoy.com.

AUTHOR BIO
Writer

This post was written by one of the many writers at Envoy who are passionate about helping educate and inspire workplace leaders. We cover everything from the visitor and employee experience, to space and delivery management, to the workplace tech-stack that keeps it all running.
