In a time where privacy is of utmost concern, it’s important to ensure your data and information are in safe hands. To do so, you must verify your direct mailer is SOC 2, Type 2 certified.
Similar to how Design Distributors has been navigating the novel coronavirus (COVID-19) pandemic with an effective disaster relief plan, we have the certifications and systems to protect and store your data. Design Distributors is SOC 2, Type 2 certified, with HITRUST mapping.
What does SOC 2, Type 2 certified mean? Let’s break it down.
SOC stands for “System and Organization Controls” and is “a suite of service offerings certified public accountants may provide in connection with system level controls of a service organization or entity-level controls of other organizations,” according to the American Institute of Certified Public Accountants (AICPA). There are three types of SOC for service organizations: SOC 1, SOC 2, and SOC 3.
A SOC 2 reports on controls at a service organization relevant to five trust principles:
Security
This can include network or application firewalls, two-factor authentication, or intrusion detection, safeguarding against unauthorized access to private data.
Availability
This ensures performance monitoring, disaster recovery, and security incident handling.
Processing Integrity
Quality monitoring and process monitoring are key aspects. This principle establishes that the vendor’s data processing is timely, accurate, and authorized.
Confidentiality
To guarantee confidentiality, the report verifies encryption, access controls, and network or application firewalls. It also sets restrictions on who can access the data.
Privacy
Access control, two-factor authentication and encryption are vital to ensure privacy. The report addresses how the system uses, discloses, and disposes of sensitive information.
SOC 2 provides oversight of third-party organizations you’re working with, vendor management programs, internal governance and risk management, and regulations, according to AICPA.
There are two types of SOC 2: Type 1, which reports “on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted” and Type 2, which reviews “management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.” In layman’s terms, the former describes the third-party’s systems and determines whether they meet the principles, while the latter reports on the performance of the company’s systems.
So, SOC 2, Type 2 certification confirms a company has complied with the American Institute of CPAs criteria for managing customer data, reported the performance on its systems’ effectiveness, and passed an examination by an independent certified public accountant. Certification ensures the vendor can safely and securely handle your data and has the management systems to do so.
As a SOC 2, Type 2 certified direct mailer, Design Distributors guarantees the data you send to be printed at the plant is safe and secure. In addition to following all five trust principles, we utilize HITRUST (Health Information Trust) mapping.
This certification, issued by the risk management and compliance company HITRUST Alliance, sets protocols and verifies adherence to standards for vendors to keep protected health information (PHI) secure, manage information risk, and data. To achieve HITRUST compliance, Design Distributors underwent a comprehensive program and independent assessment.