At Bolton Secure, we are on a mission to simplify and improve how companies staff, manage, and optimize their Security Operation Centers (SOCs). There is a high level of trust that our customers expect when using our services and that is why we are deeply committed to our own compliance and security measures.
We are pleased to announce the validation of the internal controls established as part of the compliance and security programs with the completion of our SOC 2 Type. The SOC 2 Audit covers the design effectiveness of our internal controls including security, availability, and confidentiality. The audit was performed by A-lign, a licensed CPA firm.
Bolton Secure was examined in three Trust Service principles as part of the SOC 2 examination:
- Security - Validation that our systems are protected against unauthorized access, use, or modification.
- Availability - Validation that our systems are available for operation and use as committed or agreed.
- Confidentiality - Validation that information designated as confidential is protected as committed or agreed.
The SOC 2 Audit requires a strong compliance and security program. We have established programs to effectively manage our employees and support our customers. In addition, we have implemented detailed controls and procedures over how we handle customer data. The audit validated our policies, procedures, physical security, training, as well as monitoring and detection controls to help secure and protect the Bolton environment.
Bolton Secure's SOC 2 report is available to existing and prospective customers under a non-disclosure agreement. For further information or to request a copy, please contact your account manager or sales executive.
About AICPA and SOC 2
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Additional information can be found here.