In a world relying increasingly on the acquisition, transition and storage of electronic data, security is more important than ever. One way to guarantee that the company handling your data capture, processing and storage needs is reliable is to make sure it has a SOC 2 Type 2 report.
According to a post by Mitch Taube for the AIIM Community blog, the SOC 2 report is the best way to “gain information and assurance about a scanning company’s controls and processes that affect the security, availability and processing integrity of the systems used to process your documents.” Outsourcing your document processing needs to a company that has received its SOC 2 Type 2 report ensures you’re working with someone who has taken the necessary steps to meet compliance requirements.
The American Institute of Certified Public Accountants (AICPA) created the Service Organization Control 2 Type 2 (SOC 2 Type 2) as standards governing how service providers would protect the information of their clients. SOC 2 is recognized as the global standard for secure and confidential information handling. Its key components are:
- Security: Ensuring systems are protected against unauthorized access
- Confidentiality: Information is protected as agreed to by client
- Availability: System is available for operation and use as agreed
- Processing Integrity: Image processing is complete, accurate, authorized and timely
- Privacy: Information is collected, retained and destroyed according to existing privacy notice.
Before you engage a service provider for data capture, document imaging or enterprise content management, be sure that provider has SOC 2 Type 2 certification. Applications and software developed by a SOC 2-certified organization must follow audited processes and controls that ensure applications and code are developed, reviewed, tested, and released following the AICPA Trust Services Principles. The certification is crucial when trusting a company with highly sensitive information, including passwords, documents and secure images.