Verified Data Protection
About SOC (SOC 1, SOC 2, SSAE16, SAS70) Compliance
Previously known as SAS70, the American Institute of Certified Public Accountants (AICPA) has established Service Organization Control (SOC) reporting options (SOC 1, SOC 2) to attest the quality of data service organizations. The AICPA´s SOC reports are widely recognized as "the standard" for assessing internal controls of service provider organizations like Concerto Cloud Services.
The Mark of Trust for Data Management
Rapid technological advancements have heightened the need for cloud services providers like Concerto to demonstrate the confidentiality, integrity and accuracy of systems used to process customer entity data. Our SOC certifications validate that Concerto Cloud Services has submitted to an in-depth third-party audit of both physical and virtual security controls, including data protection and procedures, to ensure quality in data management.
Concerto Cloud Services provides services that have been attested for:
Type 1 SOC
Provides independent third-party verification as to whether control activities are appropriately designed to meet specified control objectives and whether the controls were placed in operation. This level of certification focuses on the physical security of the data center and protecting against unauthorized access.
Type 2 SOC
Provides independent third-party verification as to whether control activities are suitably designed to meet specified control objectives and whether these controls were in place and operating effectively over a period of time, typically every 12 months. This level of certification focuses on virtual security including data protection and processing integrity.