Every day, thousands of Gillware customers and Partners trust us with their sensitive electronic data. In order to prove to our customers that we hold the security and confidentiality of their data paramount, Gillware undergoes an annual SOC 2 Type II security audit.
For those familiar with SOC audit reviews, Gillware’s SOC 2 Type II audit status should ease any concerns you or your customers have about the security of your data during the recovery process or storage on Gillware’s backup servers. For those not familiar with what a SOC 2 Type II audit entails, we thought we would lay out the requirements in plain English.
The Service Organization Control (SOC) 2 Type II audit is performed by an independent review group that tests and reports on the operating effectiveness of a company’s “controls”, or operating procedures and rules. The audit is based on relevant “trust service principles”:
1. Security: The system is protected, both logically and physically, against unauthorized access.
In Gillware’s case, the security principle means that our data recovery lab facilities, our online backup data center and our internal network are all protected from any outside threats or vulnerabilities. Both our lab and data center have protected physical access and careful documentation of visitors. Our networks are password protected and encrypted to prevent unauthorized outside access.
2. Availability: The system is available for operation and use as committed or agreed to.
As an online backup provider, Gillware knows the importance of network availability. All of the machines at our offices are securely backed up and available in the event of a disaster. We have emergency protocols in place so that our internal network and data center are always available.
3. Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
All Gillware employees are required to sign confidentiality agreements to protect sensitive information that enters our lab for recovery. All backed-up data is encrypted during transfer and storage to prevent outside access. Both Gillware’s recovery and backup processes are HIPAA compliant, meaning they adequately protect the confidentiality of medical records and health information. Gillware stores all personal information on our secure network and fully erases all data from failed hard drives after recovery has been completed and data has been transferred. Backed-up data is stored in our secure data center, owned and operated by Latisys.
The audit process is extremely rigorous and is performed each and every year. During the audit process, auditors from an independent CPA firm work to review all processes and security measures employed by Gillware. Gillware’s internal security protocol has over 75 policies that contain more than 500 separate procedures. All of them are audited every year. Needless to say, our auditors are kept busy. We have “demonstrated adherence to the principles and produced an unqualified opinion, with no significant exceptions found during the audit” to obtain our SOC 2 Type II audited status. Basically, we did everything we had to do well enough to get the seal of approval for both our data recovery and online backup companies.
To learn more about our security audit status, read our press releases on the subject from Gillware Data Recovery. Gillware is committed to keeping clients’ data safe and secure in our data recovery lab. We know customers and Partners have security at the top of their list of requirements, and we continually deliver solutions that meet and exceed expectations.
If you’re interested in learning the difference between SOC 1 and SOC 2 audits, here’s an informative article to get you started.