With the rise in multifamily IoT providers, clients have every right to know and ask about an organization’s security practices and procedures. These companies’ technologies inherently touch sensitive user data surrounding the daily lives of Residents, Property Managers, and other stakeholders.
To start, an easy ‘litmus test’ when gauging an organization’s level of security is to ask for its SOC 2 report. There are several areas of security to discuss outside of this assessment, but for now, let’s dive into SOC 2.
SOC 2 (pronounced as “sock two”), which stands for Service Organization Controls, is an auditing procedure developed by the American Institute of Certified Public Accountants (AICPA). This procedure makes certain that service providers are protecting and ensuring the accuracy of their clients’ information. The five areas that SOC 2 focuses on, or Trust Services Criteria, are Privacy, Security, Availability, Processing Integrity, and Confidentiality.
- Privacy: protection for personal information, typically pursued if the organization is handling protected health information
- Availability: system is available to customers as established in contracts
- Processing integrity: system processing is timely and accurate, typically pursued if the organization is handling financial transactions
- Confidentiality: protection for confidential information
There are two types of SOC 2 reports: Type I and Type II. Both test the effectiveness of an organization’s controls. However, a SOC 2 Type I report evaluates the controls at a single point in time (the time of the audit), while a SOC 2 Type II report covers the effectiveness of the organization’s security and privacy controls over the period since the last audit, a considerably longer window.
The rigorous auditing process takes several months of engagement and measures a company’s security preparedness. The qualifications required of a SOC 2 certification are not ones that an organization could accidentally stumble into, nor are they a simple list of items to check off. STRATIS is proud to have received its SOC 2 compliance after almost half a year of extensive examination.
As mentioned above, a security-driven organization would want the conversation to continue past, “Do you have a SOC 2 report?” Organizations that have their security measures in order will typically (and readily) offer to provide SOC 2 documentation, a security overview walkthrough, penetration testing results (with the specific vulnerabilities redacted), and static code review results.
A prospective client has both the right and the responsibility to analyze these security considerations in order to be as informed as possible about the priorities of their solutions providers.
Want to learn more about SOC 2? Read more here about the differences between SOC and another security auditing process, ISO.
STRATIS®, a RealPage Company, creates smart apartments and intelligent buildings and is the only platform of its kind built for the complexities of multifamily and student housing. STRATIS is installed worldwide across the U.S., in Japan, the UK, EU, and Latin America. STRATIS now serves hospitality, retail, and small to mid-size commercial, as well. STRATIS is an Inc. Magazine “Fastest Growing Company in America” and a Top Ten Entrepreneur Magazine “Best Company in America.” STRATIS was recently acquired by RealPage to enable CommunityConnect, a more connected lifestyle, and unleash hidden yield through new revenue streams.