Case Study: Western Digital Blue WD3200AAKS-00L9A0 making a clicking noise
May 9, 2014
What you don’t know about your solid state drive (SSD)
July 30, 2014

Gillware completes SOC 2 Type II security audits

web-seal-4Every day, thousands of Gillware customers and Partners trust us with their sensitive electronic data.  In order to prove to our customers that we hold the security and confidentiality of their data paramount, Gillware undergoes an annual SOC 2 Type II security audit.

For those familiar with SOC audit reviews, Gillware’s SOC 2 Type II audit status should ease any concerns you or your customers have about the security of your data during the recovery process or storage on Gillware’s backup servers. For those not familiar with what a SOC-2 Type II audit entails, we thought we would lay out the requirements in plain English.

The Service Organization Control (SOC) 2 Type II audit is performed by an independent review group that tests and reports on the operating effectiveness of a company’s “controls”, or operating procedures and rules. The audit is based on relevant “trust service principles”:

1. SecurityThe system is protected, both logically and physically, against unauthorized access.
In Gillware’s case, the security principle means that both our data recovery lab facilities, our online backup data center and our internal network are protected from any outside threats or vulnerabilities. Both our lab and data center have protected physical access and careful documentation of visitors. Our networks are password protected and encrypted to prevent unauthorized outside access.

2. Availability: The system is available for operation and use as committed or agreed to.
As an online backup provider, Gillware knows the importance of network availability. All of the machines at our offices are securely backed up and available in the event of a disaster. We have measures in place for emergency protocol so that our internal network and data center are always available.

3. Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
All Gillware employees are required to sign confidentiality agreements to protect sensitive information that enters our lab for recovery. All backed up data is encrypted during transfer and storage to prevent outside access. Both Gillware’s recovery and backup processes are HIPAA compliant, meaning they adequately protect the confidentiality of medical records and health information. Gillware stores all personal information on our secure network and fully erases all data from failed hard drives after recovery has been completed and data has been transferred. Backed up data is stored in our secure data center owned and operated by Latisys.

The audit process is extremely rigorous and is performed each and every year.  During the audit process, auditors from an independent CPA firm work to review all processes and security measures employed by Gillware.  Gillware’s internal security protocol has over 75 policies that contain more than 500 separate procedures.  All of them are audited every year.  Needless to say, our auditors are kept busy. We have “demonstrated adherence to the principles and produced an unqualified opinion, with no significant exceptions found during the audit” to obtain our SOC 2 Type II audited status. Basically, we did everything we had to do well enough to get the seal of approval for both our data recovery and online backup companies.

To learn more about our security audit status, read our press releases on the subject from Gillware Data Recovery and Gillware Online Backup. Gillware is committed to keeping clients’ data safe in our backup data center and secure in our data recovery lab. We know customers and Partners have security at the top of their list of requirements, and we continually deliver solutions that meet and exceed expectations.

If you’re interested in learning the difference between SOC 1 and SOC 2 audits, here’s an informative article to get you started.

EDIT: As of September 2016, Gillware Online Backup has been acquired by StorageCraft. Click here to learn more about their backup solutions. Click here to learn more about becoming a StorageCraft Partner. 

7 Comments

  1. […] is a hot topic in today’s world of data breaches and security hacks. Our operation is SOC 2 Type II security audited; performing the audit and maintaining our audit status costs […]

  2. […] Our automatic, remote backup service is supported directly from our headquarters and is secure, reliable and affordable. It integrates seamlessly into Windows and allows you to easily choose which folders and file types are backed up. Icon overlays show you which of your files are safely encrypted, compressed and stored at an SAS-70 data center. […]

  3. […] Gillware has rules to follow regarding the security of our customers’ data as laid out by the SOC 2 Type II audit. In these cases, encryption is not only necessary but required in order to be compliant of those […]

  4. […] Gillware has rules to follow regarding the security of our customers’ data as laid out by the SOC 2 Type II audit. In these cases, encryption is not only necessary but required in order to be compliant of those […]

  5. […] is a hot topic in today’s world of data breaches and security hacks. Our operation is SOC 2 Type II security audited; performing the audit and maintaining our audit status costs […]

  6. […] of clients’ backups. Our entire backup process, software and data storage facilities are SOC 2 Type II security audited so you can be sure your sensitive information is being kept […]

  7. […] We were happy to reunite Jon’s company with its data while it still held its full value. Of course, our neighborly advice to all small businesses is to run our remote backup software, which automatically encrypts the files and folders you select and makes a compressed and encrypted c…. […]

Leave a Reply

Your email address will not be published. Required fields are marked *