SOC 2 TYPE II (In Progress)
Certification Proves Our System is Designed to Keep Clients’ Sensitive Data Secure. PG Solutions Group is in the process of achieving its third certification. Our dedicated Compliance Team is diligent in creating all the certifications, backups and disaster recovery procedures necessary to meet our clients' needs.
SOC 2 certification is issued by outside auditors who assess a vendor's compliance with one or more of the five principles, based on the systems and processes in place.
Security - This principle refers to the protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information. IT security tools such as network and web application firewalls (WAFs), two-factor authentication and intrusion detection are useful in preventing security breaches.
Availability - This principle refers to the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA). As such, the minimum acceptable performance level for system availability is set by both parties. This principle does not address system functionality and usability, but does involve security-related criteria that may affect availability. Monitoring network performance and availability and security incident handling are critical.
Processing integrity - This addresses whether a system achieves its purpose (i.e., delivers the right data at the right price at the right time). Accordingly, data processing must be complete, valid, accurate, timely and authorized. Monitoring of data processing, coupled with quality assurance procedures, can help ensure processing integrity.
Confidentiality - Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organizations. Encryption is an important control for protecting confidentiality during transmission. Network and application firewalls, together with rigorous access controls, can be used to safeguard information being processed or stored on computer systems.
Privacy - The privacy principle addresses the system’s collection, use, retention, disclosure and disposal of personal information in conformity with an organization’s privacy notice, as well as with the criteria set forth in the AICPA’s generally accepted privacy principles (GAPP). Personally identifiable information (PII) refers to details that can distinguish an individual (e.g., name, address, Social Security number). Some personal data related to health, race, sexuality and religion is also considered sensitive and generally requires an extra level of protection.