NextDeal Completes SOC 2 Type I Compliance
September 26, 2013
NextDeal, a developer of software as a service (SaaS) solutions for title insurance companies, successfully completed its SOC 2 Type I audit over the Security and Availability Trust Services Principles. This report was performed specifically for NextDeal's DigitalDocs Hosting and Automated Marketing System.
"The successful completion of a service auditor's report reinforces to our customers NextDeal's continued commitment to providing secure and reliable solutions," said Robert Reich, president and founder of NextDeal. "In light of CFPB regulations and ALTA Best Practices, a successful and ongoing SOC audit is a 'must have' for a data cloud storage company."
SOC reporting has become increasingly important for SaaS providers since the passage of the Sarbanes-Oxley Act and various privacy legislation, which require a company's business partners to have adequate internal controls. NextDeal's customers can easily incorporate its SOC report into their compliance programs as proof that appropriate controls are in place. The SOC 2 reports can also help NextDeal's customers comply with other regulations, including GLBA (Gramm-Leach-Bliley Act of 1999), HIPAA and other compliance requirements.
SOC 2 reporting was introduced around the same time that SSAE 16 superseded SAS 70 on June 15, 2011. SAS 70 was an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), and when SSAE 16 superseded SAS 70, the AICPA also created the SOC reporting options. A SOC 2 report has a level of detail similar to the SSAE 16 and SAS 70 reports but is an alternative option for organizations that want to prove to their customers that they meet specific requirements based on security, confidentiality, processing integrity, system availability and privacy. Unlike the SSAE 16 report, which is focused on how customers impact their clients' financial reporting, SOC 2 audits have baseline criteria specific to the principles under review that an organization must adhere to; in this case, security and availability.
NextDeal completed its SOC 2 report for its DigitalDocs Hosting and Automated Marketing System, which provides additional confidence to user organizations over the SSAE 16, since the criteria are not defined by the service organization. SOC 2 engagements are performed by an independent auditing firm and examine the controls and processes involved in the secure storage and handling of data and in maintaining availability of services. The successful completion of the voluntary audit illustrates NextDeal's ongoing commitment to create and maintain the most stringent controls for the protection, security, and availability of its customers' information and assets.
The SOC 2 Type I engagement for Security and Availability, which included a detailed review of the design of NextDeal's controls, was performed by Assurance Concept, an independent licensed CPA firm specializing in conducting Service Organization Control Report audits. The auditor examined NextDeal's controls related to its security and availability commitments to its customers. NextDeal received a Service Auditors' Report with a clean opinion, and no exceptions were noted during testing, demonstrating that NextDeal's policies, procedures, and infrastructure for data protection, security, and availability were designed to meet or exceed the stringent Trust Services criteria.