As a service provider for IT Asset Management and Destruction, our clients demand to know (and see) that we hold ourselves to the highest industry standards among organizations providing these services. As with our clients, security, privacy, and confidentiality are at the heart of what we do daily.
Because Reclamere not only provides ITAM/ITAD services but also Managed Cybersecurity Consulting services, Reclamere made the strategic decision to undergo a SOC2 (Service Organization Controls) audit. This audit will result in a report affirming that strong security controls are in place, managed effectively, and confirmed by an outside AICPA-affiliated CPA Firm.
Many of our current and potential clients are looking for SOC2 attestations from their vendors. One of the key findings when Reclamere performs Cybersecurity Risk Analysis projects is to require vendors to show proof of a current SOC2 report and attestation. Soon, in addition to receiving a copy of Reclamere’s NAID AAA Audit report, our clients will receive our SOC2 report to comply with Vendor Management policies and regulations.
By doing business with an ITAM/ITAD vendor with the SOC2 attestation, there is an understanding that we follow our own policies and procedures around security, availability, processing, integrity, and confidentiality. These areas are considered the five “trust service categories” according to AICPA requirements. This SOC2 attestation report means that the data (your data) that Reclamere processes is protected—something organizations in highly regulated industry sectors require and most others increasingly demand.
The SOC2 criteria for security are the most significant criteria with the most required controls. The criteria include specifications regarding our culture and company management, risk assessments, communication, cybersecurity strategy, and control monitoring.
This new auditing will be in addition to our NAID AAA auditing and certification. We believe NAID AAA auditing to be the most critical form of vendor validation we can give our clients, as it is specific to the unique risks and operational control requirements for IT asset management and destruction. In addition, it has the power of the unannounced and random audit program behind it. SOC2 gives our clients added benefits on top of our NAID AAA certification.
SOC2 attestation is instantly recognized by compliance and financial managers because of its administration through the AICPA and the fact that only CPAs can issue attestations. This recognition means that vendor management is simplified and more efficient.
So what does this mean for the future of ITAD?
For companies selecting an ITAM/ITAD partner, asking about SOC2 will become commonplace and change how they select their partners. The audit itself will separate best-in-class vendors from the rest.
Reclamere provides cybersecurity services at every stage of the data lifecycle. Schedule a call today to discuss all the ways Reclamere can help you stay secure and compliant.