Upcoming Event
Copilot & Governance – More Than Just Buzzwords!
At one point, or another in the journey of every organization comes a time to define organizational values.
The dictionary understanding of organizational values is:
“A set of core beliefs held by an organization. They act as guiding principles that provide an organization with purpose and direction and set the tone for its interactions with its customers, employees, and other stakeholders.”
For Orchestry, organizational values are not just words that are written on our website or collect dust in our employee handbook, only to be read once and forgotten.
Our values are agreed upon and upheld by each and every staff member, although oftentimes maintaining them means going down a thorny, less traveled, challenging path of most resistance.
The latest tangible proof of our commitment to our organizational value of Security is our achievement of SOC 2 Type II compliance – the most comprehensive certification within the Systems and Organization Controls protocol.
And an easy feat it wasn’t. Implementation of security measures of every size and shape, across each and every device of each and every team member, months of filling out security documentation, table-top disaster, and security breach practice exercises, penetration tests – you name it, we’ve been through it all.
Apart from us living and breathing our organizational values, the trust, confidence, and peace of mind of our customers and partners is the reason why we went after the coveted SOC2 Type II certification.
Industry experts estimate that about 60% of all data breaches happen via third-party vendors, including email & cloud service providers.
According to IBM, on average, it takes companies 280 days to detect a third-party data breach. This often happens because third-party vendors tend to hide the fact that a data breach had occurred because many of them lack the security controls and protocols that are aimed at protecting their customers’ data.
With the average cost of a data breach expected to reach $5M in 2023, we weren’t prepared to take chances with our customers’ and partners’ data.
We’ve held the SOC2 Type I certification for some time, but didn’t want to stop at that, and continued to pursue the Type II accreditation.
Let’s dig in to understand what these accreditations stand for, and the difference between Types I & II.
SOC is a set of standards designed to evaluate the effectiveness of a service organization’s controls and processes in managing its information. It stands for “system and organization controls.”
The SOC standards help to provide assurance and peace of mind to organizations when they engage third-party vendors, by offering a systematic approach to assessing and reporting on the controls in place at the service organization. This helps organizations to make informed decisions about the risks associated with engaging the service provider and to ensure that the provider is following established best practices.
An organization that has received SOC certification has undergone an examination conducted by an independent certified public accountant. This examination has concluded that the organization has implemented the necessary safeguards and procedures as per the SOC standards.
SOC 1, SOC 2, and SOC 3 certifications all require the service organization to implement controls that regulate their handling of client data. The different SOC levels indicate differences in the scope of the certification and the target audience for the reports.
The SOC 2 standard is intended for more advanced information technology services providers, such as managed IT service providers (MSPs), cloud computing vendors, data centers, and software-as-a-service (SaaS) companies.
The SOC 2 framework is composed of five key sections, which make up a set of criteria referred to as the Trust Services Principles. These sections cover various aspects of the service provider’s system, including:
SOC 2 reports are available in two different forms.
SOC 2 Type II reports are the most thorough certifications under the Systems and Organization Controls framework. If your business is considering onboarding an IT service provider or SaaS platform, you should be looking for the SOC2 Type II certification to know with confidence that that vendor has taken EVERY precaution when it comes to the management and handling of your organizational data.
This is why Orchestry is so proud of this certification – obtaining the SOC 2 Type II certification is evidence that we have implemented a system that is intended to maintain the security of our client’s sensitive data.
Orchestry’s security & compliance principles guide how we deliver our products and services.
Orchestry takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.
Orchestry deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.
Achieving this certification is a massive milestone for us at Orchestry, and you can be sure that we took a minute to breathe out and celebrate it. But this is only the beginning. With Security at the forefront of our organization, and Integrity being a close second, we will continue to uphold the security standard of the highest level each and every day.
For more Microsoft 365, SharePoint Online, and Teams insights, tips and tricks, best practices, and exclusive events delivered straight to your inbox, join our mailing list today and level up your Microsoft 365 game!
/HubSpot%20-%20eBook%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20eBook%20-%20Proof%20Card%20Mockup%20001-min.jpg)
/HubSpot%20-%20Buyers%20Guide%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20Buyers%20Guide%20-%20Proof%20Card%20Mockup%20001-min.jpg)
/HubSpot%20-%20Features%20Sheet%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20Features%20Sheet%20-%20Proof%20Card%20Mockup%20001-min.jpg)
