Announcing SOC 2 Compliance for Twingate
We are happy to announce that Twingate now has a SOC 2 Type 2 report available! As a security company, it will come as no surprise that we think about security constantly. Today, it is not enough for businesses to ensure that appropriate security practices extend throughout their own organization – they need to ensure they extend through their supply chain as well. It is now standard practice for customers to perform security reviews of their service providers, and the SOC 2 report is an important tool that assists customers with that process.
Customers entrust Twingate with a critical piece of their security infrastructure, and a SOC 2 report is one key way that Twingate provides assurance, as certified by an independent and qualified auditor, that our security practices can meet our customers’ requirements. Our SOC 2 report helps customers understand the controls that we’ve established to support the delivery of our services in a secure and compliant manner.
What is a SOC Report?
System and Organization Controls (SOC) reports are reports written by an independent third-party auditor that describe how a service provider like Twingate achieves key compliance controls and objectives. SOC reports are issued after the auditor’s completion of an audit conducted in accordance with frameworks established by the American Institute of Certified Public Accountants (AICPA) for reporting on the internal controls implemented in an organization.
When organizations say they are “SOC compliant,” what this really means is that they have completed a SOC audit and have had a SOC report issued.
What Type of SOC Report Does Twingate Have?
Twingate has a SOC 2 report, which is the most common type of report for an IT vendor. A SOC 2 report focuses on the controls of a service organization with respect to security and, optionally, several other dimensions known as Trust Services Criteria. The intended audience for a SOC 2 report is typically an organization’s customers, prospective customers, and management team.
The other variants of SOC reports include SOC 1 reports, which focus on internal controls over financial reporting, and SOC 3 reports, which are essentially a condensed version of a SOC 2 report that is intended for a more general audience.
Our SOC 2 report is a Type 2 report, which means it is based on testing internal controls over a period of time. It is more rigorous than a Type 1 report, which tests controls at a single point in time and therefore does not provide assurance that security controls were maintained at other times.
How do I get Twingate’s SOC 2 Report?
Our SOC 2 report is available to existing and prospective customers today. Please request a copy by contacting firstname.lastname@example.org. If you are an existing customer, you can also request a copy by contacting email@example.com.
How Twingate helps with SOC 2 Compliance
Twingate can simplify SOC 2 compliance for organizations by helping them more easily implement numerous security controls that SOC 2 audits typically assess, such as:
- logical access security systems that protect information assets
- onboarding and offboarding processes for internal and external users who need access to an organization’s systems
- provisioning access based on roles and responsibilities with least privilege and segregation of duties in mind
- access security measures that protect against external threats (e.g. multi-factor authentication and contextual access policies)
- monitoring systems that detect non-compliant or anomalous activity
- processes for evaluating security alerts
In fact, we used our own product to quickly implement all of these controls as part of our SOC 2 readiness project! In the future, we’ll be writing about our own SOC 2 compliance journey and about how Twingate has helped some of our customers with their SOC 2 processes.
In the meantime, contact us if you’re interested in learning more about how Twingate can simplify SOC 2 compliance for you.