DENVER, CO – Eventus Solutions Group today announced receipt of its Service Organization Control (SOC) 2 Type II attestation engagement report. This report provides independent validation that Eventus’s  internal security, availability and confidentiality controls  operated in accordance with the American Institute of Certified Public Accountant (AICPA) applicable Trust Services Principles and Criteria (TSPC).

Conducted by CompliancePoint, a PCI Security Standard Council qualified security assessor company, the examination conducted a thorough review of Eventus’s policies and practices in three areas:

• Security – ensuring the system is protected against unauthorized access (both physical and logical)
• Availability – indicating system is available for operation and use as committed or agreed
• Confidentiality – ensuring information designated as confidential is protected as committed or agreed

The TSPC for Security, Availability and Confidentiality are organized into four broad areas:  Policies, Communications, Procedures and Monitoring. CompliancePoint assessed Eventus’s conformity with each criterion across these four areas.

The AICPA created the SOC guidelines as an enhancement over the SAS 70 compliance standard. SOC 2 provides an authoritative benchmark for service organizations to demonstrate implementation of proper control procedures and practices.  Type II reports include detailed testing of the operational effectiveness of the described systems’ security controls. The AICPA issued the most recent version of TSPC, the basis for SOC compliance, in 2014.

“SOC 2 compliance has become a requirement for some of the world’s largest companies as they are acquiring management consulting, system integration and managed services offerings,” said John Smiley, Eventus Chief Information Officer. “SOC 2 Type II certification gives our clients confidence that Eventus complies with their internal security policies and standards.”

Similar Blogs