Announcement : Spiria is certified SOC 2 Type 2
A seal of confidence and security for our customers
We are proud to announce that we have achieved SOC 2 Type 2 certification, an internationally recognized certification that attests to the high quality and reliability of our services. This certification is proof not only of our ability, but above all of our commitment to protecting our customers’ data and complying with best practices in terms of data security.
What is the certification SOC 2 ?
SOC 2 (Service Organization Control 2) certification is a standard developed by the American Institute of Certified Public Accountants (AICPA) that assesses an organization's ability to manage the risks associated with the security, availability, processing integrity, confidentiality and privacy of the data it processes on behalf of its customers.
SOC 2 certification is based on five principles, known as trust criteria, which define the minimum requirements an organization must meet to ensure the security and quality of its services. These criteria are as follows:
- Security: the organization protects data against unauthorized access, modification, disclosure, damage or loss.
- Availability: the organization ensures the availability and continuous operation of its services in accordance with customer agreements.
- Integrity of processing: the organization processes data in a complete, valid, accurate, timely and authorized manner.
- Confidentiality: the organization respects confidentiality commitments and obligations towards its customers and third parties concerning the data it processes.
- Privacy protection: the organization respects the privacy principles defined by the AICPA and the laws in application concerning the collection, use, storage, disclosure and disposal of personal data.
« Obtaining and maintaining the SOC 2 certification is to me like an ultramarathon, rather than a 100-meter sprint. It's a first step in a long and continuously evolving process. Cybersecurity, as a whole, requires rigour and constant attention to detail, which our team is ready to invest in. »
– Vincent Huard, Vice President of Data Management and Analytics
To receive the SOC 2 certification, an organization must undergo an independent audit by a qualified accounting firm to ensure that it complies with the trust criteria applicable to its services. The audit covers the conception and effectiveness of the controls put in place by the organization to ensure compliance with the five trust criteria.
What is the difference between SOC 2 Type 1 and Type 2 ?
There are two types of SOC 2 certification. Among other things, it is the duration of the audit that distinguishes them. SOC 2 Type 2 is covered by a more extensive and rigorous audit.
- SOC 2 Type 1 certification attests that the organization complies with trust criteria on a given date. It assesses the conception of controls, but not their effectiveness over time.
- SOC 2 Type 2 certification attests that the organization meets the trust criteria over a defined period of time, generally from three to twelve months. It assesses not only the conception but also the effectiveness of controls, taking into account their actual use and evolution.
In other words, SOC 2 Type 2 certification meets more demanding and rigorous criteria, as it involves continuous monitoring and regular verification of controls. It offers greater assurance of the quality and security of the services provided by the organization.
What are the benefits for our clients ?
By obtaining the SOC 2 Type 2 certification, Spiria reaffirms its position as a trusted partner in the development of digital solutions for its customers.
Here are some of the main benefits that enable our customers to undertake large-scale projects with peace of mind:
- The guarantee that we uphold the highest standards of data security.
- The guarantee that we protect our customers' data against internal and external threats.
- The confidence that we ensure the availability and performance of our services.
- The confidence that we are able to react quickly and effectively in the case of an incident.
- The certainty that we treat your data with integrity, while complying with validation, accuracy, traceability and authorization rules.
- The peace of mind that we respect your confidentiality obligations and do not disclose your data to unauthorized third parties.
- The security of knowing that we respect privacy principles and comply with applicable laws on personal data.
SOC 2 Type 2 certification is a guarantee of trust and security for our clients, testifying to our commitment to delivering quality services and upholding industry best practices. It represents excellence in data security across industries, and is becoming increasingly sought after for software development projects. It was therefore only natural for Spiria to be one of the few expert firms in North America to be certified.
We are proud to be certified and to guarantee the excellence, reliability and rigor of our business practices.
Start a project with confidence : NewProject@spiria.com.