Compliance and Governance

Meet compliance and governance goals with novaSOC.

novaSOC standards meet or exceed multiple security audit frameworks, such as SOC 2.

Your business is responsible for complying with regulations and laws for your state, city, and more. It’s critical that the companies you work with also comply with the laws that govern them.

Information security is critical even for a SOC provider such as novaSOC.

What Standards Do We Use?

The American Institute of CPAs developed SOC 2 as an auditing procedure. It defines the criteria for managing customer data based on these five principles:

  • Privacy
  • Security
  • Confidentiality
  • Processing Integrity
  • Availability

Reports provided by novaSOC or any security provider give you, along with regulators, suppliers, business partners, and others, critical information about how we manage your data.

What is Compliance with SOC 2?

SOC 2 was designed specifically for service providers that store customer data in the cloud. For novaSOC, that’s all of our customers.

SOC 2 requires a technical audit. Beyond that, SOC 2 requires businesses like novaSOC to establish and follow strict information security policies and procedures. These cover the security, processing, availability, integrity, and confidentiality of all customer data. SOC 2 verifies that a business’s information security processes and policies comply with the specific parameters of today’s cloud requirements.

As companies increasingly use the cloud to store customer data, SOC 2 compliance has become necessary for organizations like our customers.

Compliance and Governance on novaSOC

Beyond being in compliance with SOC 2, novaSOC sees handling customer data and endpoint telemetry responsibly as a critical concern. It’s why we make sure that everything that touches your endpoints goes above and beyond being SOC 2 compliant. That includes our software, systems, data, and procedures.