The SOC 2 - Privacy at Myota
To ensure the safety and security of our clients' data, Myota consistently invests in security best practices. As part of our annual efforts, we undergo independent audits and have obtained a SOC 2 Type 2 report that focuses on the security, confidentiality, and availability of our services.
SOC 2 Type 2 is a framework for managing and securing sensitive information related to technology and data services. It involves a comprehensive set of criteria designed to assess the effectiveness of an organization's controls over a specified period. Unlike SOC 2 Type 1, which evaluates controls at a specific point in time, SOC 2 Type 2 evaluates the operational effectiveness of these controls over an extended duration, typically a minimum of six months. This type of audit provides a more in-depth understanding of how well an organization's systems and processes can maintain the security, availability, processing integrity, confidentiality, and privacy of customer data over that period. The SOC 2 Type 2 report is often sought by service organizations to assure their clients that their systems and processes meet the necessary security and compliance standards.
Myota requires a signed Non-Disclosure Agreement (NDA) before sharing information such as a SOC 2 (Service Organization Control 2) report, as this report contains detailed information about a company's security controls and practices. Additionally, American Institute of Certified Public Accountants (AICPA) best practice is that the report should be distributed only to those auditors who require and understand the information contained in the report. You can contact us via email@example.com to request the Myota.io SOC 2 Type report.
In the context of SOC 2, which is a framework for managing and securing sensitive information, the following definitions apply:
In SOC 2, security refers to the implementation of controls and measures to protect against unauthorized access, disclosure, and potential threats to the organization's systems and data. This includes securing physical and logical access, as well as safeguarding against cybersecurity risks.
Availability, in the context of SOC 2, is about ensuring the consistent and reliable accessibility of the organization's systems and services. Measures are implemented to minimize downtime and disruptions, providing users with dependable access to the required resources.
For processing integrity, SOC 2 requires organizations to ensure the accuracy, completeness, and reliability of their system processing. Controls are put in place to guarantee that the organization's processes operate correctly, producing accurate and reliable results in accordance with business requirements.
Confidentiality in SOC 2 involves protecting sensitive information from unauthorized access or disclosure. Organizations implement controls to ensure that access to confidential data is restricted to authorized personnel, preventing unauthorized parties from obtaining or using sensitive information.
For privacy, SOC 2 emphasizes the protection of personally identifiable information (PII). Organizations must implement controls and practices to manage and safeguard individuals' personal data, ensuring compliance with privacy regulations and responsible handling of private information within the scope of their operations.