In 2019, there were 1,473 serious data breaches. Besides the seriousness of the data breaches themselves, security is all the more important because of the need to conduct more of our personal and professional affairs online due to the coronavirus pandemic.
Data security is even more important for sensitive investigations like those that SMI Aware regularly conducts for our clients. Whether our clients need to screen people for inclusion or exclusion in a class action suit, or they’re seeking out inconsistencies in a story to support a claim of insurance fraud, we understand that the parties involved have a right to this information, but the general public does not.
SOC 2 compliance is a component of the American Institute of Certified Public Accountants' reporting platform. SOC is an acronym that stands for Service Organization Control. The name provides a clue to the function of SOC 2 compliance, which governs security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 is both a technical audit and a requirement for adherence to comprehensive information security policies. Specifically, SOC 2 requires alerts to be established for the following areas.
- Exposure or modification of data, configurations or controls
- Unexpected file transfers
- Access or logins to privileged file system accounts
Threat indicators should be clearly identified to allow for fine-tuning of alerts, as well as timely notification of data breaches so that rapid action can be taken to preserve data integrity. SOC 2 also requires developing detailed audit trails to allow for ready remediation if data breaches occur. Audit trails must include detailed contact information (who, what, when, where, why, how) to meet SOC 2 compliance requirements. The process of gathering information must be maintained in written form to allow for outside auditing.
Clearly, this level of diligence and compliance requires time, effort, and resources – resources that even the best private investigators lack and that many fly-by-night operations don’t bother with. Choosing this sort of operation puts your data at risk of falling into the wrong hands. SMI Aware abides by data security compliance standards such as ISO 27001 and ISO 27002. To learn more about how seriously SMI Aware takes data security, check out our website or give us a call. We’ll be happy to respond to any questions.