eTurns Passed a Rigorous SOC2 Type 2 Audit, Proving the Security and Availability of our Automated Replenishment Service
eTurns has earned the tech world’s version of the Good Housekeeping seal of approval.
In our industry, that means we passed the lengthy and exacting Service Organization Control (SOC)2 Type 2 audit.
To put it very simply, the SOC2 Type 2 audit, conducted by a certified public accounting firm, evaluates the suitability of the design effectiveness of our controls behind a service organization’s cloud solution. Specifically, the audit examined two areas: security and availability.
SOC2 audits aren’t required by any regulatory agency. But as data security and availability become increasingly important, a growing number of companies are asking tech firms they do business with whether they are SOC2 Type 2 compliant.
In eTurns’s case, some of our larger customers, one of which works extensively with a major government contractor, asked if we had been audited. Now we have.
I’m glad we did it, because passing phase one and two is a great way to demonstrate to our customers that:
A: We know what we’re doing;
B: We are serious about protecting our customers’ information; and
C: We are serious about keeping the application available 24/7/365.
Here are some examples of how seriously we take these controls. We have designed our solution, running on Amazon Web Services in Virginia, to provide an “always-on” environment. What this means is our customers will never experience unplanned downtime. Each transaction is instantaneously written to the production drive as well as a “mirrored drive.” If the production drive fails, the “always-on” drive immediately takes over within a fraction of a second.
Beyond this “always-on” architecture, we push backups of all of our customers’ data to a completely separate server farm in Oregon. We push a full backup of all data once per day and then hourly incremental backups during the day to protect against the entire production server group failing in Virginia.
One more example: Not only is all data encrypted in motion, the most sensitive data is encrypted at rest on our drives. Furthermore, all public-facing servers are protected by real-time anti-virus, malware software that simultaneously performs intrusion detection and intrusion prevention. These best-practice security capabilities allow our customers to have great comfort that their private and proprietary business information is secure from both bad actors and competitors.
Successfully completing this audit sends a message that we are committed to the highest standards of design effectiveness of our controls. We understand the requirements of our customers and the security and controls required to keep data safe and available. But most importantly, being SOC2 Type 2 compliant communicates that an independent auditing CPA firm has confirmed that eTurns has delivered on effective security and availability controls.
By Rock Rockwell, CEO