VERO is SOC 2 Compliant - What does that mean for you?

Written by VERO Insights Team | Jun 8, 2022 1:00:00 PM

Why VERO Chose to Obtain SOC 2 Type 2 Certification

Pursuing Service Organization Control (SOC 2) compliance is a large but very worthwhile undertaking. SOC 2 Type 2 is an indicator of VERO’s focus on security efforts and keeping our data, and customers’ data, secure. A SOC 2 compliant organization passes audits to show it has all the appropriate procedures in place to ensure the security, confidentiality, and integrity of user data.

Owners, operators, and renters trust us with their most sensitive information and VERO’s certification reflects how seriously VERO takes that responsibility. The goal was to demonstrate to our clients, through collaboration with an independent third party, Drata, that our security measures are aligned with the advanced parameters of today’s security requirements and expectations.

SOC 2 Compliance & SOC 2 Trust Service Principles

The American Institute of CPAs developed SOC 2 – the gold standard of data protection. It’s a voluntary compliance standard that defines criteria for how to manage private customer data safely and securely. SOC 2 is based on five trust service principles.

Incorporated into these SOC 2 trust principles are even more principles related to the organization itself. They range from ethical behavior to hiring and retention and data security protocol development. Developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), these principles look at the standards, processes, and structures that provide the basis for carrying out internal control across the company.

Categories of the COSO principles that have been included in the SOC 2 trust principles include:

- Control environment
- Communication and information
- Risk assessment
- Monitoring activities
- Control activities
- Logical and physical access controls
- System operations
- Change management
- Risk mitigation

What is Entailed in Obtaining SOC 2?

Achieving SOC 2 compliance requires an organization to follow strict information security policies and procedures to prevent unauthorized use of customer data. To gain that compliance, the organization must scrutinize all its policies. It must then ask for a SOC 2 audit, which brings in certified outside CPAs familiar with SOC 2 who will inspect and analyze the organization’s policies, controls, and operations.

The process of obtaining SOC 2 certification assesses whether an organization is adhering to the SOC 2 trust principles. Earning SOC 2 takes months and great resources of time and money. Given that SOC 2 compliance is voluntary, this outlay of resources demonstrates the organization’s commitment to data security and privacy.

Once the external auditor analyzes, evaluates, and tests policies and procedures, it can either attest to SOC 2 adherence or not.

At VERO, Drata was selected as the platform to provide 24/7 continuous security and compliance with the SOC 2 trust principles. VERO is proud to have easily achieved voluntary compliance with SOC 2.

Does SOC 2 Compliance Matter?

In a word, yes.

It means the SOC 2-compliant company maintains a high level of information security. Strict compliance requirements tested through on-site audits can help ensure sensitive information is handled responsibly.

It also demonstrates that the company has solid information security practices, as defined and tested by an expertly trained independent accounting and auditing firm, and that those practices are operating effectively.

What does it mean for you?

So, SOC compliance is important, but what does it mean for you? It means your applicants can provide their data securely. It means your leasing agents have another reason to boast that your brand can be trusted. In short, it means VERO takes care of your community the way you would take care of your community.

Data breaches are commonplace and your organization has too much to lose to take a chance on working with a partner that isn’t SOC 2 compliant. In leasing applications, operators are asking applicants to provide their most personally identifiable information and sensitive personal data. Screening renters includes a series of evaluations about a person’s background and financial history. Renter screening activities are an opportune target for bad actors.

When seeking business partners, it is critical to evaluate not just services rendered but also the infrastructure and policies in place. Aside from basic security, most companies need to evaluate the impact of business continuity. Working with companies that do not focus on security can open your organization and applicants to reputational and financial risk.

VERO’s SOC 2 certification attests to the world that we take security very seriously and can be trusted with your organizational and renter data.

At VERO, data security and compliance aren't just checkboxes; they're a mindset. And achieving SOC 2 Type 2 certification underscores that guiding principle.