February 20, 2023

SOC 2 Compliance: Commitment to Your Safety and Security

Security and safety are priorities at Irth. As an industry leader, we are proud to consistently deliver the most robust technology and innovative solutions to protect critical network infrastructure. This protection includes a SOC 2 Type 2 attestation report, a voluntary security framework developed by the American Institute of Public Accountants (AICPA) to safeguard your data from unauthorized access and other vulnerabilities.

Your data security is paramount. Every year we hear about thousands of data breaches, exposing billions of records. Experts believe these numbers will continue to increase. Without proper security, your data is at risk of being stolen, and your organization is vulnerable to attacks, malware installation, and extortion.

As your trusted partner in damage prevention, risk management, asset protection, governance, and compliance, we pursued a SOC 2 Type 2 attestation report to validate our adherence to the highest standards for security, availability, and confidentiality.

What is SOC 2 Type 2?

The American Institute of Public Accountants developed SOC 2 as a compliance and auditing standard for service organizations to manage customer data and continuously monitor security controls. Based on five trust principles — security, availability, processing integrity, confidentiality, and privacy — a SOC 2 Type 2 attestation report is issued by outside auditors.

Irth uses an independent automation platform to monitor more than 100 internal security controls continuously. With this oversight, we can confidently prove our compliance with a SOC 2 Type 2 attestation report and your data’s security every single day.

What are the Trust Service Criteria (TSC) of SOC 2 Type 2?

To receive a SOC 2 Type 2 attestation report, the independent auditor assesses Irth on three Trust Service Criteria.   

  • Security: Are the access controls, such as web application and network firewalls, intrusion detection, two-factor authentication, and other access measures sufficient to protect the system from unauthorized access? These access controls prevent intrusion and potential system abuse, theft, misuse of software, and more.
  • Availability: This principle evaluates the accessibility of the system as defined by the service-level agreements. Security-related criteria that may impact availability include security-incident handling, disaster recovery, and performance monitoring. With a guaranteed 99.95% uptime, our reliability is unmatched.
  • Confidentiality: The confidentiality trust principle examines our user control protocol and the ability to control user access for different data sets. Encryption, network and application firewalls, and other rigorous access controls are essential for this principle.  

Is SOC 2 compliance required for SaaS providers?

No. A SOC 2 Type 2 attestation report is not required for SaaS service providers. Irth pursued this because we want our customers to be confident our data security initiatives will protect their data from unauthorized access.

Why is SOC 2 compliance important?

SOC 2 Type 2 attestation report parameters ensure continuous security control monitoring and best practices to protect our customers’ data. It promotes a security-first mindset in our organization and involves ongoing training in best practices when handling customer data, penetration tests, secure software development, and data encryption. Confirmed by an independent auditor, this is an objective analysis of ongoing security and protection of customers’ data.

Irth Solutions uses Drata’s automated platform to continuously monitor internal security controls. A SOC 2 attestation report confirms Irth Solutions’ information security practices, policies, procedures, and operations meet the rigorous SOC 2 Type 2 attestation Trust Service Criteria for security, availability, and confidentiality.

Our ongoing commitment to industry best practices is just one of the reasons 17 of the top 20 largest electric, energy, gas, telecom, and media companies depend on us to support their damage prevention efforts with our market-leading SaaS platform.

To learn more about why we are the top provider for 811 ticket management and utility locating software, schedule a demo today. 

Irth's market-leading SaaS platform improves resilience and reduces risk in the sustainable delivery of essential services that millions of people and businesses rely on every day. Energy, utility, and telecom companies across the U.S. and Canada trust Irth for damage prevention, training, asset inspections, and land management solutions. Powered by business intelligence, analytics, and geospatial data, our platform helps deliver the 360-degree situational awareness needed to proactively mitigate and manage risk of critical network infrastructure in a changing environment. Irth has been the top provider for 811 (one call) ticket management and utility locating software since 1995.

© 2024 Irth Solutions, L.L.C. All rights reserved | Terms of Service | Privacy Policy