After several months of work, we’re excited to announce that we’ve achieved SOC 2 Type 1 compliance. But what exactly is SOC 2 Type 1 and what does it mean for organizations and users?
What is SOC 2 Type 1?
System and Organization Controls (SOC) is a collection of standards provided by AICPA, the American Institute of Certified Public Accountants. The SOC standard that’s relevant to Bluink and eID-Me is SOC 2.
SOC 2 is a security standard that provides assurance that organizations have the right controls regarding security, availability, processing integrity, confidentiality, and privacy. These controls include security awareness training, data encryption, multi-factor authentication, and more.
Independent auditors look at these controls and produce reports to prove that an organization meets SOC 2 requirements.
There are two types of SOC 2 reports. Type 1 reports evaluate the design of controls whereas Type 2 reports evaluate the design and operational effectiveness of controls.
What does this mean for organizations?
As a provider of identity verification and digital identity services, many of our large clients require SOC 2 compliance.
SOC 2 compliance helps provide assurance, trust, and confidence in our eID-Me solution.
This makes eID-Me available to more organizations.
What does this mean for eID-Me users?
SOC 2 compliance allows eID-Me to be accepted as proof of identity for more services.
It also gives users confidence in our eID-Me systems, which is important because of the sensitive nature of identity information. Learn about eID-Me’s security and privacy in our FAQ.
What’s next?
It’s essential that we secure our systems and data for organizations and eID-Me users.
Our SOC 2 Type 1 report confirms that the design of our controls meets AICPA’s standards.
Our next step is to achieve SOC 2 Type 2 compliance, which will prove the design and operational effectiveness of our controls.