RecordPoint is committed to creating a trusted, modern, and easy platform for Records Management and Compliance. We continually make significant investments in these areas. One example of these investments is compliance certifications for RecordPoint’s products and platform. In this post, Simon Harloff, Product Manager for the Records365 Service, explains our investment in SOC 2 Type 2 compliance.
Records365 is a cloud based record management offering that provides seamless control and automation over records in your Offic365, OneDrive for Business, and file share deployments. When you consume Records365 you can be sure that your records and sensitive information are being stored in a platform that has been designed from the ground up with security in mind. RecordPoint currently has SOC 2 Type 1 attestation with plans to complete SOC 2 Type 2 attestation in a couple of months. Our SOC 2 Type 2 attestation report should provide further assurance to your data is stored securely and that RecordPoint has rigorous controls in-place to protect your data.
About the SOC 2 Certification
SOC 2 provides a standard set of criteria or trust principles that governs how SaaS providers like RecordPoint should handle your data. There are five trust principles to assess the trust worthiness of SaaS providers like RecordPoint. The five trust principles are:
- Security: The system is protected against unauthorised access.
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed and agreed.
- Privacy: Personal is information collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants.
SOC 2 for Records365
SOC 2 has two levels of attestation reports that are issued by an independent auditor. These two levels of reporting are called Type 1 and Type 2.
RecordPoint currently already holds a SOC 2 Type 1 attestation report and is currently undergoing Type 2 attestation with an external auditor. A Type 1 report outlines whether a SaaS provider, like RecordPoint, has designed suitable systems and controls in accordance with the one or more of the five trust principles. SOC 2 attestation can focus on just a single or multiple of the five trust principles.
RecordPoint believes security, availability, and confidentiality are paramount when you are considering any cloud offering. Therefore, RecordPoint’s SOC 2 attestation includes those three trust principles. A Type 2 report, which is underway for RecordPoint, essentially audits the effectiveness of the controls and systems that are reported as part of Type 1.
An example of the type of control RecordPoint has implemented for the SOC 2 security trust principle is annual penetration testing which is conducted by an independent auditor. Penetration testing ensures that RecordPoint’s Records365 SaaS offering is as resilient as possible against potential attackers and intruders.
Records365 Roadmap and the Azure Platform
RecordPoint plans to certify for ISO/IEC 27001 as part of the immediate roadmap. This certification should provider further assurances around the maturity of the existing information security management systems that RecordPoint employs to keep your data safe.
Lastly, the Records365 SaaS offering is hosted on Microsoft’s Azure cloud platform, which is compliant with numerous industry certifications and standards. Azure provides a highly secure and world class foundation for Records365. The combination of Azure and RecordPoint attained security certifications and standards should provide anyone considering Records365 as their cloud based records management platform with the peace of mind that security is a principal concern at RecordPoint.
Hopefully this post has given you some insight into RecordPoint from a security perspective and what the future will offer for our Records365 offering. As a part of our focus on being a trusted platform, RecordPoint will continue to make these investments and provide current and potential customers insight into these investments.