Important Service Update: For office closures due to Hurricane Helene, please click here.
✕Important Service Update: For office closures due to Hurricane Helene, please click here.
By now, you’re well aware of the security risks that threaten every level of an enterprise operation. So, what can your organization do about it? You’re likely taking all the necessary precautions: auditing vendors for third-party risk, asking the right cybersecurity questions, and ensuring each external vendor you use has certain cybersecurity safeguards in place.
A very “buzzy” term you’ll see in the cybersecurity space is SOC 2 or SOC 2 Type 2. If you want to manage cybersecurity risk most effectively, any external vendor your organization relies upon should be able to provide you with their SOC 2 Type 2 report.
SOC stands for “System and Organization Controls” and is both an audit procedure and a set of criteria for organizations that act as third-party service providers for technology solutions. The controls tested by the SOC 2 Type 2 procedures demonstrate that the organization is following AICPA guidelines for the five trust service principles: Privacy, Security, Availability, Processing Integrity, and Confidentiality.
Because of the amount of cyber risk that exists today, most companies have controls in place to mitigate it. The question is, do you know how the third- and fourth-party vendors your legal organization interacts with handle and reduce cyber risk?
Due to complexity and cost, only the largest firms, such as Fortune 100 companies, own and maintain their own data centers. Most companies, including U.S. Legal Support, lease space in data center facilities. U.S. Legal Support leases a data center from a leading colocation datacenter provider, which U.S. Legal Support is proud to say is verified to be SOC 2 Type 2 compliant.
Many other litigation support service providers claim to be SOC 2 Type 2 compliant, but what this typically means is that the provider they lease their data center space from is SOC 2 Type 2. U.S. Legal Support doesn’t rely solely on our data center or cloud providers to have SOC 2 Type 2 reviews for compliance. Instead, we hold ourselves to higher standards. In addition to requiring SOC 2 Type 2 compliance for our data centers, we measure our own internal business operations, processes, and staff with the same rigor as we expect of our service providers.
We have external auditors confirm each year that we – U.S. Legal Support, the company – are adhering to the AICPA standards for SOC 2 Type 2 criteria.
An independent auditor verifies our procedures, safeguards, and technology that we employ to ensure the protection of your sensitive data annually. This audit provides independent verification of implemented controls; assesses if there are any gaps and to address them, and then ensures the controls stay effective over time.
The above example illustrates how it can be very easy to feel your service provider is meeting your expectations of verified systems and organization controls when they aren’t. In 2022, it simply isn’t enough for a company to have an SOC 2 Type 2 data center; you want the entire organization to be focused on protecting your most sensitive information.
You want a service partner who puts a lot of energy into protecting your data and documenting these procedures for all to see.
U.S. Legal Support recently put together a high-level security overview that details exactly how we keep client data safe throughout our organization.
Content published on the U.S. Legal Support blog is reviewed by professionals in the legal and litigation support services field to help ensure accurate information. The information provided in this blog is for informational purposes only and should not be construed as legal advice for attorneys or clients.