NetRise has recently been certified as SOC 2 Type II compliant, following a period of observation by an independent auditor. The achievement of this important milestone confirms NetRise’s status as a trustworthy and secure vendor in the supply chain security marketplace, as previously indicated by our certification as SOC 2 Type I compliant. In sharing this news, we want to provide the answers to some commonly asked questions around SOC 2 compliance.

What is SOC 2 Compliance?

SOC 2 is a voluntary security standard set out by the American Institute of Certified Public Accountants (AICPA), created specifically for technology companies gathering and storing sensitive data. SOC 2 compliance is widely considered a key indicator of a commitment to the privacy and security of customer data. As a SaaS solution provider, adhering to these standards and demonstrating the security of our practices is absolutely critical for NetRise.

Why Does SOC 2 Compliance Matter?

As cybersecurity vulnerabilities, exploits, and attacks continue to increase, obtaining SOC 2 compliance has never been more important. SOC 2 compliance isn’t just nice to have; it is a necessary validation of our commitment to the highest standards of data security. Meeting the requirements signifies NetRise has made a concerted effort to handle customer data safely and responsibly.

What Does a SOC 2 Type II Audit Entail?

SOC 2 Type II audits comprise three vital criteria across an extended observation period: Security, Availability, and Confidentiality. Countless tests are undertaken to ensure the seamless implementation and operating effectiveness of our internal controls. These tests are designed to assess our security not only at one point in time, but also over a period considered long enough to provide adequate assurance of compliance.

What Does SOC 2 Type II Compliance Mean for NetRise?

As a supply chain security solution provider at the cutting edge of innovation, NetRise recognizes the importance of securing the data of its customers. Many of NetRise's customers operate in highly regulated environments and hold their vendors accountable to the highest standards of cybersecurity.

NetRise is guided by our principles, which demand strict security and accountability:

Secure Personnel

  • All NetRise contractors and employees must submit to background checks prior to engagement or employment.
  • All NetRise employees must complete security training, and cybersecurity awareness is a key aspect of our internal culture.
  • Confidentiality is contractually required.

Secure Development

  • NetRise always follows secure development lifecycle principles.
  • All products, tools, services, and updates are submitted to a comprehensive design review to ensure security requirements are met.
  • Team members involved in any system development undergo annual training.
  • Software development must align with OWASP best practices.

Secure Testing

NetRise regularly utilizes third party penetration testing and vulnerability scanning of systems to ensure resilience.

  • Systems and services are scanned prior to deployment.
  • Penetration testing is done by both internal security engineers and external penetration testers to ensure new systems, products, or updates have been vetted from multiple perspectives.
  • Code is subjected to static and dynamic software application security testing.

Secure Cloud

NetRise's cloud environment provides complete security at all times with total segmentation of customer data. All data is encrypted at rest and in transmission, in compliance with the highest standards of cloud security. NetRise continuously monitors the security of our cloud environment and takes every precaution to ensure customer data is secure.

To see the NetRise Platform in action for yourself, request a demo today.

NetRise Inc. was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.