MEGA Achieves SOC 2 Type II Compliance
BOSTON, February 27, 2018 –MEGA International announced that it meets the Service Organization Controls (SOC 2) compliance standards adopted by the American Institute of Certified Public Accountants (AICPA).
To meet SOC 2 audit requirements, MEGA has implemented specific document policies, processes, procedures and systems. Because of these actions, MEGA can provide independent audit reports to its customers who use the company’s SaaS offering, showing that their sensitive data is protected. They show the controls that are monitored to assure the overall security of facilities, IT systems, and the end-to-end value chain, including vendors.
“The operations of SaaS and cloud services providers can affect their customers’ operations and their regulatory requirements,” explained Lucio de Risi. “These customers want to know that their services providers have adequate controls that are designed appropriately and operating effectively.”
Cloud computing opened the door to new data security risks. As more IT operations have moved from within companies to outside via SaaS options, enterprises in many industries, such as health care and finance, that must comply with regulations to protect sensitive data, look to their services providers to provide proof that they are doing the same. An SOC 2 audit provides that assurance.
“Today, SOC 2 Type II compliance is considered essential for SaaS providers; it demonstrates professionalism and a commitment to high standards,” de Risi continued. “With our SOC 2 audit reports, we can assure our customers that we meet the most demanding requirements for the security, availability and confidentiality of their information.”
The AICPA developed the SOC 2 specifications to standardize audits of company operations. Companies that want to achieve SOC 2 compliance engage independent auditors to examine and report on the controls covered by the SOC 2 standards.
SOC 2 audits focus on controls that are relevant to the Trust Service Principals of SOC (security, availability and confidentiality). The SOC 2 Type 1 report provides information on the suitability of the design of controls. The SOC 2 Type II report also describes the operating effectiveness of these controls; it is the most comprehensive type of report.