CRI provides SaaS services to a diverse group of clients across multiple industries. Most of our systems are designed to share media and information with the public, but how that gets done and who controls how it happens must be protected. As CRI has grown, we have built increasingly strong and structured processes and security protocols to safeguard clients’ operations and have recently achieved SOC II Type 1 Compliance to provide independent, standards-based validation for that work.
The American Institute of Certified Public Accountants (AICPA) has developed a complete, industry-standard framework for validating compliance with industry best practices. This standard is Service Organization Control Type 2 – AKA ‘SOC II.’ Compliance with SOC II shows that a SaaS provider has developed and uses well-defined processes and practices to ensure security, stability, and privacy in its products.
What Does It Take to Be SOC II Compliant?
To meet all the necessary conditions to be SOC II compliant, organizations must develop and require organizational compliance with policies, practices, and tools that are all evaluated and continuously monitored for security, availability, and confidentiality.
Software must be developed, tested, deployed, and monitored with these characteristics in mind, and everything used to operate SaaS systems must be continuously compliant with these.
SOC II is much more than a one-time project or feature. It is an ongoing commitment to providing software and services to clients using known best practices across a business. The policies we follow to stay compliant are focused on software delivery, but the process involves commitment from all parts of the company. It includes Cloud Operations, Finance, Development, Security, IT, Procurement, and more.
Why Being SOC II Compliant Is Important?
By achieving SOC II compliance and committing to its ongoing upkeep, CRI has gotten independent validation that it operates in a professional, purposeful, and structured way and has a framework for continuous validation of those principles.
Achieving and keeping compliance shows that we follow best practices and standards in multiple areas of our business. This ongoing commitment provides tangible, measurable
reassurance to our clients that we provide best-in-class products that are safe, highly reliable, and ensure their confidentiality.
The Future
CRI has achieved SOC II Type 1 compliance and is actively working to complete Type 2 compliance. Type 2 provides independent verification that the company’s ongoing operations continue to follow the practices and principles specified and required by Type 1.
CRI has committed to continuously following, monitoring, validating, and improving the policies and practices implemented to achieve Type 1 compliance. We look forward to continuing to provide increasingly feature-rich, resilient, secure, and highly available solutions to our clients and are excited to share this good news!
Share this
SOC Compliance, the Cloud, Security and Network Infrastructure: addressing the top concerns of IT network stakeholders
Reinforcing Corporate Compliance Goals with Digital Signage
