SOC 2 Audited

LetterLogic undergoes an annual audit on our Statement Processing and Content Delivery System. We completed 2012’s audit on February 15th. The SOC 2 report provides LetterLogic’s customers with an understanding of the internal controls of LetterLogic relevant to security and availability.

More information about the SOC 2 Audit:

SOC 2: Service Organization Controls over Security, Confidentiality, Processing Integrity, Availability, and Privacy.

SOC 2 provides the same rigorous reporting framework as SOC 1, for non-ICFR circumstances related to Security, Confidentiality, Processing Integrity, Availability, and Privacy. Under SOC 2, Control Objectives are pre-defined based on the structure provided by the Trust Services Principles and Criteria.

The purpose of the SOC 2 report is to convey trust and assurance to users of the system that the service organization has deployed an effective control system to mitigate the operational and compliance risks that the system may represent to its users. Other characteristics of SOC 2 include:

  • Assertion based: Management of the service organization provides a detailed documented assertion that forms the basis for the service auditor’s examination. Management’s documented assertion is included in the SOC 2 report. The assertion includes pertinent details of the system description and controls that are expected to be relevant to users of the system.
  • Scope and focus: The report relates to one or more of the Principles defined by Trust Services:
    • Security: The system is protected against unauthorized access (both physical and logical).
    • Availability: The system is available for operation and use as committed or agreed.
    • Processing integrity: System processing is complete, accurate, timely, and authorized.
    • Confidentiality: Information designated as confidential is protected as committed or agreed.
    • Privacy: Personal information (i.e., information that is about or can be related to an identifiable individual) is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
  • System description needs to cover the entire period: Under SOC 2 reporting, the system description needs to cover the entire period of testing for operational effectiveness.
  • Risk basis for design of controls: Management’s description of the system includes all major aspects of the service provided that are relevant for the scope of the report. The SOC 2 reporting framework (to be released by AICPA in fall 2010) will identify a minimum set of control objectives to fulfill the Trust Service Principles. Service organization management will be responsible for identifying risks that threaten achievement of the control objectives stated in the system description, and then deploying controls to mitigate those risks. In performing this risk assessment and related control activities, Management can incorporate guidance and best practices such as ISO 27001, ITIL, CoBIT, etc.

 
