InRule®, provider of the industry-leading decision platform, today announced that the company has undergone a System and Organization Controls (SOC) 2SM examination resulting in a CPA’s report attesting that the management of InRule maintained effective controls over the security, availability, processing integrity, and confidentiality of its operations and solution. The engagement was performed by BARR Advisory, P.A.
A SOC 2SM report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls at a service organization that are relevant to the security, availability, confidentiality, privacy, or processing integrity of the system used by the service organization to process or store customers’ information.
“Our SOC 2 Type II attestation demonstrates that we have the appropriate controls in place to mitigate risks related to security, availability, confidentiality, and processing integrity,” said InRule Co-Founder and Chief Executive Officer Rik Chomko. “This milestone underscores our promise to our customers that we value their data and are committed to protecting it.”
The SOC 2 Type II guidelines are set forth by American Institute of Certified Public Accountants (AICPA). It’s widely recognized as the standard for data security. It requires that companies establish and follow rigorous data security policies and procedures.
The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for use by practitioners in the performance of trust services engagements:
- Security – The system is protected against unauthorized access (both physical and logical).
- Availability – The system is available for operation and use as committed or agreed.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Processing Integrity – System processing is complete, accurate, timely and authorized.
A SOC 2SM report is an internal control report on the services provided by a service organization to its customers and provides valuable information that existing and potential customers of the service organization need to assess and address the risks associated with an outsourced service.