UPDATE:  March 15, 2023 – Great news!  After completing the SOC 1 Type 1 audit, ITS embarked on obtaining our Type 2 attestation which was successfully completed on January 18, 2023.  The main difference between the two is the duration and scope of the audit.  A Type 1 report evaluates the effectiveness of an organization’s  controls at a specific point in time and provides a snapshot of the controls in place.  A Type 2 report evaluates the operating effectiveness  of those controls over a period of time, typically several months. 

The Type 2 audit was much more encompassing and drew on the talent and skills of our IT department.  The investment we made in the SOC 2 process is just one of the significant ways we care for client data.  Read on to learn about the importance of this audit and enjoy some sage advice should your organization be considering taking it on.  

In today’s business landscape, data security has become a top priority for organizations of all sizes, as we’re all more readily affected by data breaches and hackers than ever before.  Companies are asking their respective service providers to prove their data is being properly and adequately protected by completing a SOC 2 examination, and our customers were no exception.

After a substantial process, Internet Travel Solutions (ITS) is proud to announce the successful completion of our SOC 2 Type 1 audit.

What is SOC 2 exactly?

System and Organization Controls (SOC) requirements were created by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles to establish standards around availability, confidentiality, processing integrity, privacy and security.  These standards have become the metric for providing indisputable evidence that customer data is being optimally secured.

In our line of work, we’re responsible for the Personal Identifiable Information (PII) of thousands of travelers around the world every day.  This customer data is incredibly valuable, and it has always been a top priority to demonstrate to our clients that we maintain the highest level of security compliance.  Possessing a SOC 2 report demonstrates a strict adherence to security and a willingness to invest the time and resources to prove it.

Cybersecurity has become an extremely pervasive issue, and we’ve been able to add another layer of trust and credibility for our customers which has also served to make us better as a service provider.

Advice for those of you embarking on a SOC 2 audit?

1. Select a partner that can help you streamline your process, someone that can align with your industry and address your idiosyncrasies.
2. Take time to gain buy-in with more involvement from multiple departments and internal communications about the criticality of the audit. ITS partnered with Vanta for help with automating continuous compliance monitoring and collection of audit evidence.
3. Be prepared for overlap with other controls and several months of effort. This is a rigorous undertaking that does not happen overnight and requires the tenacity of a strong team.

When all is said done, having a SOC 2 report communicates something important about your organization.  For ITS, it reinforces what we value and demonstrates our dedication to customer data security.  SOC 2 compliance is an annual undertaking and one to which ITS is committed for the long haul.

Be sure to visit www.its.com to learn more about our products and services.