Intiveo is proud to announce that we have achieved SOC 2 Type I compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that Intiveo provides enterprise-level security for customer’s data secured in the Intiveo system.
Intiveo was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which includes but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at [email protected].
An unqualified opinion on a SOC 2 Type I audit report demonstrates to Intiveo’s current and future customers that they manage their data with the highest standard of security and compliance.
What Is SOC 2
Successfully achieving SOC 2 compliance proves an organization has the knowledge and controls in place to address the data security and confidentiality concerns of their organization and those of their clients. It is a vital component in demonstrating the trustworthiness of any software-as-a-service (SAAS) business. SOC 2 security and confidentiality principles focus on preventing the unauthorized access and use of assets and data that are handled by the organization.
To achieve SOC 2 compliance, an organization must undergo an audit of their security practices. The audit is performed by an independent Certified Public Accountants (CPA) or accounting firm.
The basic SOC 2 checklist for compliance includes controls that cover safety standards, and consists of:
- Vulnerability and penetration testing – recurring scans and tests to ensure continued compliance
- Access controls – logical and physical restrictions on any assets, preventing unauthorized access
- Change management – a process for managing changes to IT systems as well as procedures for preventing unauthorized changes
- System ops – controls that monitor ongoing operations in order to detect and mitigate any deviations from normal procedures.
- Mitigating risk – routines and mechanisms that help identify risks and subsequently respond to them properly
- Secure development – utilizing secure development lifecycle principles in line with OWASP Top 10 recommendations
- Company policies – ensuring employees work towards all-of-the-above outcomes
SOC 2 outlines the requirements for reaching these security goals, and each company is responsible for implementing the infrastructure, procedures, controls and policies necessary to achieve them.
What Does That Mean For Intiveo?
Receiving SOC 2 compliance provides Intiveo with a few benefits;
- Undergoing a SOC 2 audit helps us improve and validate our overall security posture
- We are equipped with the tools and knowledge to safeguard all sensitive information
- Improved information security practices with the SOC 2 guidelines means we are better prepared to prevent and respond to potential security incidents
- Customers prefer to work with service providers that are proven to have solid information security standards and practices. This is especially true for cloud services, such as Intiveo.
- A client may request the SOC 2 report. They must sign an NDA in order to receive the report.
As a leader in cloud communications for dental practices, Intiveo is proud to be able to achieve SOC 2 compliance so our customers can trust that their data is secure.
“This milestone of SOC 2 certification reflects our commitment to security and is the tip of the iceberg regarding our investment into SecOps”
-Owen Ingraham, CTO of Intiveo