NextDeal, formerly DigitalDocs.net LLC, a developer of Software as a Service (SaaS) solutions for title insurance, successfully completed its SOC 2 Type I audit over the Security and Availability Trust Services Principles. This report was performed specifically for NextDeal’s DigitalDocs Hosting and Automated Marketing System.
“The successful completion of a service auditor’s report reinforces to our customers NextDeal’s continued commitment to providing secure and reliable solutions,” said Robert Reich, president and founder of NextDeal. “In light of CFPB regulations and ALTA Best Practices, a successful and ongoing SOC audit is a ‘must have’ for a data cloud storage company.”
SOC reporting has become increasingly important for SaaS providers since the passage of the Sarbanes-Oxley and various privacy legislations, which requires a company’s business partners to have adequate internal controls. NextDeal’s customers can easily incorporate its SOC report into their compliance programs as proof that appropriate controls are in place. The SOC 2 reports can also help NextDeal’s customers to comply with other regulations, including the Gramm-Leach-Bliley Act of 1999, the Health Insurance Portability and Accountability Act and other compliance requirements.
SOC 2 reporting was introduced around the same time that SSAE 16 superseded SAS 70 on June 15, 2011. SAS 70 was an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) and when SSAE 16 superseded SAS 70 the AICPA also created the SOC Reporting options.
A SOC 2 report has similar detail as the SSAE 16 and SAS 70 but is an alternative option for organizations that want to prove to their customer that they meet specific requirements based on security, confidentiality, processing integrity, system availability and privacy. Unlike the SSAE 16 report that is focused on how customers impact their clients’ financial reporting, SOC 2 audits have a base-line criteria specific to the principles under review that an organization must adhere to; in this case, security and availability.