Is PreVeil SOC 2 compliant?
- Kelsey Sampson
SOC 2 (System and Organization Controls) is a report focusing on non-financial controls as they relate to the Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. Our SOC 2 Type II audit revolves around the security of our cloud service, or the Security Principle.
The Security Principle consists of seven categories:
Organization and Management: How is PreVeil structured as a company? How does the company oversee the services performed?
Communication: How does PreVeil communicate with our internal and external users about how the system works? How do we communicate policies, procedures, and expectations to authorized users and other parties?
Risk Assessment & Risk Management: How is PreVeil implementing controls to manage known risks? How do we select the controls that are put in place to meet the criteria?
Monitoring: Once a control is put in place, how is PreVeil monitoring it to know that it is operating effectively and appropriately addressing the risk? Do any changes or remediations need to be made?
Physical & Logical Access: How do we control access to sensitive data and systems within our organization?
System Operations: How does PreVeil manage day-to-day processes and procedures? This includes what PreVeil does on a daily, weekly, and monthly basis to provide our services.
Change Management: When PreVeil has to make changes to our system or services, how are these changes documented? How does PreVeil test those changes and address any new risks that may be associated with these changes? How are the changes approved prior to being made?
The team at PreVeil is constantly working to improve internal standards and add new certifications & equivalencies to help our customers meet their compliance needs. To request a copy of our most recent SOC 2 Type II report, please contact compliance@preveil.com or file a support ticket.