Forwood is proud to be SOC 2 Type 2 compliant
We’ve demonstrated our commitment to protecting customer data by achieving SOC 2 Type 2 compliance.
In our digital world, organisations that handle sensitive client data must ensure their information systems are protected from potential cyber threats.
For Software as a Service (SaaS) companies like Forwood, this means implementing the proper cybersecurity controls to keep client data safe from unauthorised access, data breaches, and other cyberattacks.
SOC 2 Type 2 certification indicates our controls are compliant with the requirements of a respected international framework for cybersecurity.
Read on to learn more about SOC 2 Type 2 compliance and what it means to us at Forwood.
What is SOC?
System and Organisation Controls (SOC) compliance refers to a specialised reporting process that enables service and/or software organisations to demonstrate their ability to securely manage data.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC reports are produced by an independent third-party following an audit of an organisation’s information systems.
SOC reports are important for communicating to internal and external stakeholders that an organisation is operating in a responsible, compliant, and cybersafe manner.
What is SOC 2 Type 2?
SOC 2 certification is designed for service organisations such as SaaS, cloud service, and managed service providers who process or manage sensitive client information.
A SOC 2 report details the organisation’s internal controls for protecting customer data and assesses them against five Trust Services Criteria:
 |
Security: Systems are protected against unauthorised access and damage. |
 |
Availability: Data and systems are always available as per service level agreements. |
 |
Processing integrity: System and information processing is complete, valid, accurate, timely, and authorised. |
 |
Confidentiality: Confidential information (non-personal) is securely managed and protected as committed to or agreed upon. |
 |
Privacy: Personal information is collected, used, retained, disclosed, and disposed of in accordance with policy and generally accepted privacy principles (GAPP). |
A type 2 report details and evaluates the operational effectiveness of controls over a specified period (typically 6-12 months) whereas a type 1 report focuses on the design and implementation of controls as at a specific point in time.
How do you achieve SOC 2 compliance?
To achieve SOC 2 compliance, an organisation typically follows these common steps:
- Conduct a readiness assessment: Evaluate existing cybersecurity controls and identify any gaps.
- Implement controls: Address gaps by implementing appropriate policies, procedures, and technologies.
- Documentation: Maintain thorough records of cybersecurity controls and processes.
- Audit: Engage a certified CPA firm to conduct the SOC 2 audit.
- Certification: Receive a SOC 2 report which can then be shared with relevant stakeholders.
At Forwood, SOC 2 Type 2 certification was achieved through a dedicated effort from all our teams, led by a company-wide commitment to ensuring the integrity of our information systems.
What does SOC 2 Type 2 compliance mean to Forwood?
SOC 2 Type 2 compliance demonstrates our ability as an organisation to securely manage and protect our customers’ sensitive information.
At Forwood, our business is helping high-risk industries eliminate workplace fatalities through best practice critical risk management. Keeping client data secure is similar in that the right controls must be verified as in place and effective to reduce the risk from potential threats.
Achieving SOC 2 Type 2 certification confirms our cybersecurity controls are operationally effective and compliant with the standardised SOC security framework.
To learn more about how Forwood manages and protects customer information, read our privacy policy or get in touch.
