Security and Compliance Updates

SecureLink is SOC 2 certified

SecureLink is Service Organization Controls (SOC) certified, which verifies our security posture and how seriously we take your company’s cybersecurity strategy.

What is the SOC audit?

The SOC audit is a third-party examination of security controls based on the Trusted Services Criteria (TSC), a set of best practices and standards that were put in place by the American Association of Certified Public Accountants (AICPA). This is a widely recognized certification and the gold standard for third-party security audits.

Within SOC, there are several versions of SOC reports a company can get: 

  • SOC 1: Audit of internal accounting controls.
  • SOC 2: Audit of Trusted Service Criteria (TSC) for all IT systems.
  • SOC 3: A summary of SOC 2 findings that are suitable for public access (limited detail). 

There are also two types of reports: 

  • Type 1: A snapshot of security controls at a single point in time. 
  • Type 2: A study of controls over a time period, usually a year. 

SecureLink has its SOC 2, Type 1 report. Looking ahead, SecureLink will be obtaining a SOC 2, Type 2 report in 2021 once the one-year study period has elapsed. Because this information is highly sensitive, it requires a nondisclosure agreement to be shared.

NERC/FERC updates

In the energy or utility space, the NERC/FERC regulation updates to the Critical Infrastructure Protection (CIP) rules went live in October. These updates included CIP-013-1 (a new rule requiring supply chain cyber risk management processes), CIP-010-3 (relating to configuration change management), and CIP-005-6 (perimeter security).

How does this affect you?

There are many features of SecureLink that help you meet the supply chain security requirements in CIP-013-1. Contact your Customer Success Manager for more details on ways you can use SecureLink to help you comply with these new regulations.
