SOC 2 Compliance and SiteDocs

SiteDocs is SOC 2 Compliant

As a SOC 2 compliant company, SiteDocs has the infrastructure, tools, and processes to protect your information from unauthorized access both from within and outside the company. By opting for SiteDocs, you're not just choosing a platform; you're choosing a shield of security. Our SOC 2 compliance isn't just a certification; it's a testament to our dedication to safeguarding your sensitive information. Your decision to partner with us demonstrates your discerning approach to data management, marking you as a leader who values uncompromised security and professionalism.

About

SOC 2 is a security framework developed by the American Institute of CPAs (AICPA) that defines specific criteria for Service Organizations to securely manage their customers’ data. While companies have the flexibility to adopt practices and processes tailored to their business operations, SOC 2 specifies the baseline criteria for maintaining a robust information security program.

Each year, SiteDocs completes a rigorous SOC 2 audit performed by accredited independent auditors to ensure that our security controls, processes, and risk mitigations adhere to SOC 2 standards. Auditors check 63 Security Controls in 13 different categories. We complete almost 100 separate evidence tasks over the course of a 12-month audit period to collect the evidence needed to confirm the operational effectiveness of our controls. Once complete, auditors issue a detailed report describing each audited control, the procedures used to verify the controls, and their audit findings. As SOC 2 (Type II) is a “continuous compliance” audit, auditors confirm not only that controls are well designed and implemented, but also that they are actually effective and continuously followed throughout the year.

Trust Service Principles

SOC 2 defines criteria for managing customer data based on five “trust service principles”. SiteDocs audits against 3 of these Trust Principles each year: Security, Availability, and Confidentiality.

  • Security:

    Security involves implementing sophisticated measures like firewalls and two-factor authentication to safeguard information and systems from unauthorized access. It's akin to fortifying the digital perimeter, ensuring data remains protected against potential breaches.
  • Availability:

    Ensuring the continuous availability of infrastructure, software, and information is paramount. This involves rigorous operational controls, constant monitoring, and timely maintenance. It also involves protecting against external threats that could disrupt services or compromise data integrity.
  • Confidentiality:

    Confidentiality pertains to the meticulous protection of sensitive data, limiting access to authorized individuals or entities. This includes safeguarding client data, proprietary company information, and any other data classified as confidential under applicable laws, regulations, contracts, or agreements.

To learn more about SOC 2 or to request SiteDocs’ most recent SOC 2 report, visit SiteDocs’ Trust and Security page.
