2nd Watch has announced its completion of the Service Organization Control (SOC) 2 certification, governed by the American Institute of CPAs (AICPA). The SOC2 report confirms that 2nd Watch has achieved compliance with SOC2 requirements for security, availability and confidentiality. 2nd Watch is the first public cloud-native AWS Managed Service Partner to achieve SOC2 certification. Other MSPs claiming SOC2 are referring to products that support physical rather than public cloud assets.
"For the first time, a third-party organization has validated a core traditional data center ops compliance framework for a cloud-born, AWS Managed Service Partner," says Kris Bliesner, co-founder and CTO at 2nd Watch. "This is a big step toward providing banks, insurance companies, healthcare providers and other large enterprises with the confidence they need to run business-critical apps and data analytics in the public cloud. It also underscores our ability to not only architect SOC2 certified public cloud solutions, but to manage them as well. That customers can get both services from a single provider is immensely valuable."
SOC reports are independent, third-party audits that demonstrate how a vendor achieves key compliance controls and objectives. The SOC2 is an objective note of confidence for customers and users as it relates to 2nd Watch's controls for system and data security, as well as its ability to properly prevent and mitigate outages and other disasters with minimal disruption to customer systems. As a Premier Partner in the AWS Partner Network (APN), it was also important for 2nd Watch to be in compliance with SOC2, which AWS has achieved annually for its own infrastructure and process controls.
Achieving SOC2 required 2nd Watch to execute on its integrated services roadmap over the course of 2014, including: applying operational standards to processes, ecosystems, and people; risk mitigation through established ITIL practices; and implementation of various compliance frameworks.
"Security is not something you think about occasionally, but a top priority that must be woven into the culture of the company, its process and its technology. For our enterprise customers, security and availability are a requirement when running business critical systems, such as ERP applications, in the cloud," says Jeff Aden, co-founder and EVP at 2nd Watch. "Achieving SOC2 is no easy endeavor, but it demonstrates to customers our commitment to execute on our roadmap of an integrated service offering, that we have rigid controls in place to safeguard their information, and that we're operating in accordance with the highest standards for security and governance. This is also important for our customers' own compliance efforts, which may require vendors and suppliers to have SOC2 in place."
This article was originally posted as “2nd Watch Achieves SOC2 Compliance” in Cloud Strategy Magazine.