What Coretek’s SOC 2 Attestation Means for You

When it comes to information security, you can never be too careful. With the growing array of bad actors threatening to breach the mountains of mission-critical data stored in the cloud, Managed Services, Managed Security Services, and cloud providers must adhere to exceptionally high standards of information security.

A critical part of this process is the use of third-party audits. These audits often benefit not only the auditee, but also the auditee's clients. That’s why Coretek chose to obtain SOC 2 Type II attestation — one of the most industry-recognized information security audits and accreditations.

While not actually a certification, SOC 2 Type II attestation demonstrates an organization's dedication to security and privacy controls as well as a commitment to building trust with its stakeholders. 

Explore this blog to learn more about what SOC 2 Type II means, as well as the benefits it offers to Coretek and our clients.

What Is SOC 2 Type II?

SOC 2 Type II is an audit focused on information security requirements. Its result is an attestation report in which the auditor issues one of four opinions:

1. Unqualified
2. Qualified
3. Disclaimer
4. Adverse opinion

The auditor will request documented policies, standards, and processes, as well as evidence that demonstrates the auditee adheres to them, and will also conduct in-depth in-person interviews with subject matter experts within the company. This audit examines internal information processes and, in the case of client-based B2B companies like Coretek, also examines the treatment of critical client information.

The audit, which is administered by the American Institute of Certified Public Accountants (or AICPA), tests against up to five Trust Services Criteria (TSCs), which are:

1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy

To pass the audit, auditees must be able to validate that internal controls for governing access, risk management, human resources, security awareness training, endpoint protection, change management, vulnerability and patch management, etc. are functioning as expected.

Many audits result in a report stating either a qualified or unqualified opinion. An unqualified opinion is issued when the auditor deems the tested controls to be designed and operating effectively. When a company successfully completes a SOC 2 Type II audit and receives an unqualified opinion, they’ve proven themselves capable of protecting not only their own data but that of their customers as well.

Why Did Coretek Undergo This Audit?

At Coretek, we were prompted to initiate the SOC 2 Type II audit process for two reasons.

Firstly, as a Managed Services Provider, Managed Security Services Provider, and cloud expert, we feel it is our responsibility to adhere to highly stringent standards of information security.

Secondly, adhering to such high levels of information security compliance is how we meet the needs of our clients. At Coretek, our priority is making our clients feel secure, and that’s only made possible when we provide trustworthy, transparent, and absolutely secure services.

Combined, these two factors were the genesis behind our pursuit of the SOC 2 Type II audit and attestation report, which was accomplished in partnership with A-LIGN.

How Does This Benefit Coretek’s Clients?

Our bottom-line priority is providing our clients with secure, quality services. Because we have obtained this attestation, you will see specific benefits as our client.

Consistency (no disruptions of service)

A well-oiled machine won’t break down. Having earned a favorable attestation report, Coretek has proven that we perform consistently at our absolute best in protecting your organization’s sensitive data.

Transparency (freedom of information)

It’s rare that prospective clients are able to peek under the hood of their future partners' operations to ensure viability. Having a third-party attestation report enables us to provide your organization with peace of mind by sharing it for your review (with a signed NDA).

Security

The final benefit is the most significant: security. As an MSP and MSSP, it is our responsibility to provide security not only for ourselves, but for your organization as well. The SOC 2 Type II audit process and report either provide objective proof of our ability to do that or provide actionable areas for improvement.

At the end of the day, Coretek’s SOC 2 Type II attestation enables us to do a better job for you.

What Are the Benefits to Coretek?

Our clients aren’t the only ones that benefit from the SOC 2 Type II audit and attestation report. Coretek as an organization has derived benefits in three key areas by engaging in this audit.

Attestation report

The product of a SOC 2 Type II audit is an attestation report, which provides a comprehensive analysis of an organization’s information security posture over an evaluation period, whether it be positive or negative. Among other benefits, Coretek's report helps our team recognize our areas of strength. Having a comprehensive report breaking down every aspect of our internal and external information security processes provides easy material for reflection, strategizing, and evidence-based action.

Internal accountability

SOC 2 Type II is not a one-and-done process — it requires continuous audits. If integrity wasn’t enough motivation, the understanding that any information security action will be audited and analyzed creates a culture of exceptional internal accountability. There is no room for shortcuts, so our team executes every initiative with absolute data integrity in mind.

Familiarity with compliance

Whether it be via the auditing process or the attestation report, the process of obtaining a SOC 2 Type II attestation exposes any information security weaknesses that may exist. As the auditee, we gain a front-row view of the best and latest information security requirements, which we can then apply to all the information we handle.

Enhancing Your IT Security and Compliance

Coretek's security services cover a wide spectrum of workloads, platforms, and devices, giving you the assurance of complete visibility into your environment, and ensuring your understanding of your cloud configuration and management. Our services include:

● Managed 24x7 SOC Services
● Extended Detection and Response (XDR)
● Security Incident Response & Resolution
● Disaster Recovery & Business Continuity
● DevOps Security Management
● And much more

These integrated security services are designed to scale effortlessly, adapting to the ever-evolving threat landscape and aligning with your specific objectives.

Always Improving

Obtaining our SOC 2 Type II attestation is an ongoing process with periodic audits, providing excellent opportunities for self-reflection and improvement — but it doesn't signal the end of the information integrity journey. As with every aspect of our work, Coretek continually pushes for improvement and cutting-edge innovation for the good of our current and future clients as well as their customers.

While this accomplishment may be a giant leap for Coretek and all of our stakeholders, we aren’t done identifying and implementing what’s next in information security.
