SSAE 18 SOC 2 Type II & SOC 3 Certified Company
SecureData, Inc. holds a third-party certification demonstrating full compliance with SSAE 18 SOC 2 Type II & SOC 3 standards. While many software developers use relatively basic security systems, we protect our clients' privacy through a regularly updated system of strict controls, taking appropriate actions to adapt to new threats in order to provide the best possible experience.
Our SSAE 18 SOC 2 Type II & SOC 3 certification ensures consistent safety throughout your ordering process.
Established to ensure standardized security practices among service providers, SSAE 18 is a detailed system of attestation standards used throughout the software development industry. SecureData, Inc. was the first professional data recovery company to earn this credential, which we maintain through annual tests and audits, and we update our practices as needed to provide appropriate protection for our customers.
View our full SSAE 18 SOC 2 Type II & SOC 3 audit compliance report and accompanying documents below.
SSAE 18 is an updated version of SAS 70, which is still widely used by service providers. However, it contains a number of important updates, and our compliance report contains a detailed overview of the standards and practices we use to protect personally identifiable information. All information collected by SecureData, Inc. is carefully controlled and handled using up-to-date encryption in compliance with PCI-DSS and other widely used information security laws.
Differences Between SSAE 18 and SAS 70 Security Standards
As mentioned above, SSAE 18 is often considered a continuation of the widely used SAS 70 standards. The primary advantage of SSAE 18 is the addition of attestation requirements, which compel businesses to test their systems and access controls to provide consistent security for their customers.
We maintain full compliance with various privacy laws when handling payment information and other sensitive data.
Attestations are typically carried out by a qualified third party, and the accompanying certification documents show that the data recovery provider is qualified to provide safe services. Over the course of our attestations, we demonstrate the controls that we use to protect our clients' data, including but not limited to our server technologies and encryption algorithms.
We must also demonstrate a process for updating our networks and data storage devices in order to maintain a secure facility. The third-party auditor presents comments, which show whether our security practices are appropriate and whether they operate effectively. The auditor also judges whether our controls sufficiently address the claims made in our submitted reports.
While SSAE 18 SOC 2 Type II & SOC 3 is primarily intended for service-industry businesses, software developers can use the credential to demonstrate a preference for secure practices. This is especially important for data recovery software development, as privacy is an important factor when recovering files from any type of system.