Cirrus Group LLC Successfully Completes Service Organization Controls (SOC 2) Audit Validation
Cirrus Group LLC today announced that it has received global security compliance verification for Service Organization Controls SOC 2 Type I. The examination was conducted by Plante Moran resulting in a CPA’s report stating that management of Cirrus Group maintains effective controls related to the Security, Availability and Confidentiality trust principals for its hosted Platforms and related internal processes and systems.
"At Cirrus Group, we want our customers to feel comfortable with trusting their mission critical applications to us and to know that they can count on us as a key partner. These credentials demonstrate Cirrus Group’s continued commitment to delivering a secure and highly available experience for our customers," said Michael Garrett, Chief Operating Officer for Cirrus Group. "We are pleased to have taken this step to further differentiate our services and to be one of the few companies to have achieved this widely recognized and highly regarded validation."
A SOC 2 report is designed to meet the needs of customers who want assurance on the controls at a service organization. These reports benefit customers by helping them better understand Cirrus Group LLC’s internal controls related to these areas and provide valuable information needed to assess and address the risks associated with an outsourced service.
SOC 2 Reports on Controls at a Service Organization are examination engagements performed by an independent service auditor (CPA) in accordance with criteria developed by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
SOC 2 reports specifically address the performance of trust principles in one or more of the following five key attributes:
(i) Security - The system is protected against unauthorized access (both physical and logical);
(ii) Availability - The system is available for operation and use as committed or agreed;
(iii) Processing Integrity - System processing is complete, accurate, timely and authorized;
(iv) Confidentiality - Information designated as confidential is protected as committed or agreed;
(v) Privacy - Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and CICA.