This Is How SOC 2 Can Protect Your Business
Tuesday, August 15, 2017


In today’s complex world of data centers and the cloud, it’s difficult to know exactly where all of your information is stored. In fact, the question of whether it’s truly “safe” often comes up. However, there are ways to safeguard your organization, including making sure the vendors and solution providers you do business with are secure and reliable. At OrderDynamics, we have been SOC 2 audited. In essence, a SOC 2 report allows our retail customers to access the information they need to decide for themselves if we’re a trustworthy partner and if we meet their standard for engagement.


What Is SOC 2?

Firstly, let’s define exactly what SOC 2 is, and perhaps, more importantly, what it isn’t. SOC 2 is an industry standard, not a government regulation. According to SSAE-16, a “SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.”

Unlike ISO, SOC 2 is not a certification. It is a thorough report by an independent auditor, who presents extensive findings based on a set of controls. These controls relate to technology networks, employee training, processes and procedures, and much more. A representative from the solution provider signs and validates the document. This extremely detailed report is often hundreds of pages in length.

All in all, the prospective customer then has the ability to form an opinion for themselves. They do not simply view a certification without any access to the actual findings. This makes SOC 2 much more transparent than ISO and other certifications. In essence, it means that a company interested in getting certified does not simply have the option of paying its way to a ‘certification’ status. Because SOC 2 is fully transparent, both the certifier and the organization being certified understand that the process can be open to scrutiny should some aspect seem inappropriate.

 


Why SOC 2 Matters

Traditionally, solution providers stored data on servers within their own facilities. Today, most solution providers store data in the cloud, hosted by a third-party such as Amazon Web Services or Microsoft Azure. This makes it nearly impossible for a client or prospect to see exactly where the data truly is stored. Amazon and Microsoft store and back up this data at any number of remote data centers, the locations of which are generally unknown.

That being said, in the event of a data breach, the retailer, not the vendor or cloud solution provider, is ultimately at fault and responsible for any damages. These growing concerns about data and security in the cloud, along with concerns about who has access to that data (both individuals and government bodies), lead to the growing importance of SOC 2. With SOC 2, the retailer has an extensive view of the security and privacy measures that the vendor takes. Ergo, this helps ensure that a data breach doesn’t occur and sensitive shopper data isn’t compromised.

Additionally, SOC 2 is essential for solution providers doing business overseas. Europe, for example, has much stricter privacy laws, which leads European retailers to look at a vendor’s business practices with a much more critical eye.

Judge For Yourself

Therefore, if you’re considering doing business with OrderDynamics, our SOC 2 report is available for your review. Don’t take our word for it. Read the report and form your own opinion before beginning your omni-channel OMS implementation with us. When deciding, make sure to ask your vendor about this. If their privacy certifications are not fully transparent, and you don’t have an opportunity to review the details, proceed with caution, or consider your alternatives.

 
