RedVision announced the successful completion of a comprehensive Service Organization Control 2 (SOC 2) Type 2 standards of control examination, set forth by the American Institute of Certified Public Accountants (AICPA).
Nearly a year after the company completed the SOC 2 Type 1 evaluation, RedVision’s successful examination against SOC 2 Type 2 standards validates the management of RedVision’s service organization, including its system and the suitability of the design and operating effectiveness of the controls in place. The report reaffirms the company’s commitment to operational excellence, specifically its processes and controls relevant to security.
“RedVision is pleased to mark an important milestone in completing the SOC 2 Type 2 report,” RedVision CEO Brian Twibell said in a press release. “We deliver title and real property research to some of the largest companies in the industry and this audit is an important best practice that gives our customers the transparency and visibility they deserve in a service partner.”
The SOC 2 report may assist customers who wish to comply with other regulatory and compliance requirements, including the Consumer Financial Protection Bureau.
“We take security seriously,” RedVision Chief Technology Officer Joe Ross said. “With the SOC 2 certification, RedVision has independent, third-party validation that we maintain the highest level of internal standards, controls and security.”
A SOC 2 examination confirms that a service organization has been through a formal evaluation based on security, availability and confidentiality principles. According to the auditor that performed RedVision’s SOC 2 Type 2 examination, these attestation reports opine on controls at a service organization relevant to the security, availability, or processing integrity of a system or the confidentiality or privacy of the information processed for the user entities.
Like SOC 2 Type 1, completion of the SOC 2 Type 2 examination indicates that RedVision – through engaging an independent examination firm – has processes, procedures and controls involved in storing, handling and transmitting data securely. The evaluation included a rigorous assessment of the company’s data center security management, written policies and procedures, physical security, network architecture, user access management, network and systems monitoring and software development, which resulted in validation of RedVision’s best-practice standards.