cloud.ca, Canada’s cloud Infrastructure as a Service (IaaS), has earned its SOC 2 type 1 certification.
The American Institute of Certified Public Accountants created the SOC (Service Organization Control) reporting platform in order to streamline reporting on accounting practices. While SOC 1 compliance covers business and financial policies, SOC 2 is designed to understand internal controls at a service organization as it relates to the newly instituted Trust Service Principles (TSPs): security, availability, processing integrity, confidentiality and privacy.
SOC 2 compliance is designed for technology and cloud computing organizations and it includes a written statement of assertion and a description of the control environment in place within the organization. Stakeholders such as customers, partners, suppliers and advisors can gain important insight in to the service organization's internal controls. Type 1 refers to the detailed documentation of the process or policies that govern operations of this system or environment.
For cloud.ca, our Canadian IaaS, this means that we are able to demonstrate controls and best practices for our infrastructure including privacy and security requirements relating to clients’ data.
“This designation increases clients’ and potential users’ confidence and credibility in cloud.ca,” says Ian Rae, CloudOps’ CEO. “Evaluating risk and documenting every detail of our processes is an important part of what makes us a reliable IaaS provider. Enterprises are increasingly aware about security in cloud adoption and are now requiring these designations of their suppliers.”
In addition to cloud.ca’s infrastructure receiving SOC 2 type 1 compliance, our data centre colocation service provider, Cologix (Montreal zone), is certified as a SOC 1 Type 2 audited facility.