Proof of Compliance for Vendors and Clients
What you should know before entering a service agreement
Accutrac is now officially SOC 2 compliant. We are proud to prove our adherence to the security, privacy, and confidentiality of data. We'll look at how our compliance affects our clients, and how your vendors' compliance affects you.
What does SOC 2 mean?
SOC stands for Service Organization Controls. SOC 2 covers controls that have to do with security, availability, processing integrity, confidentiality, and privacy. The SOC 2 document for an organization reports the effectiveness of the service organization controls within the management system. There are several types of SOC reporting. SOC 2 is a specific type of adherence within the set.
Importance of SOC 2 compliance
Since Accutrac handles confidential consumer data, we need to be SOC 2 compliant. The report states that our management system controls were effective at the time of the audit.
Our system’s controls ensure that we handle data with security, availability, processing integrity, confidentiality, and privacy. Having the SOC 2 official compliance gives proof of our organization’s integrity. We know this is a benefit to our clients, so we present it as an important quality of our business.
Checking compliance of your vendors
If your verification or data provider does not comply with the same standards as your company, you are at risk. Your company may be liable for violations committed by a vendor that is acting on your behalf.
It is important to know your vendors' specific compliances before entering a service agreement. When another company is representing you in a consumer-facing way, make sure it represents you well. Laws and regulations are important, and your vendor should share these values.
Ideally, any company you choose to work with would abide by TCPA, FDCPA, CFPB, Privacy Act, ISMS, and SOC 2 standards. In reality, proof of compliance is an expensive route to go.
So when you’re choosing a vendor, make sure they are aware of new TCPA rulings, essential security and data privacy measures, and important compliance certifications. It will reduce your risk of violations and cause your company less hassle in the long run.
Important items to look for:
- Technical documents describing a company’s legal and security standards
- Details on how the company is compliant with methods or systems
- Certificates, audits, and formal documents
It’s one thing to promote your company using buzzwords, and another thing to provide readily available proof of compliance. Our compliance is detailed here, with both security and legal standards addressed.