SOC 2 Type 2 – Certification

SOC 2 – TYPE 2 Certification Ensures Convergence Is Totally Committed To Keeping Your Data Safe

The objective of AICPA’s SOC 2 – TYPE 2 Certification is to verify service organizations have systems in place to ensure the security, availability, processing integrity, confidentiality, and privacy of client data. The AICPA performed a thorough review of Convergence’s policies and procedures beginning with the handling of incoming calls, through the results researchers deliver to clients, and finally the controls management has instituted to monitor the overall process.

The AICPA’s review covered a number of Convergence’s policies that were especially effective in ensuring the safety and integrity of client data, including:

  • Management Philosophy – Senior management places the utmost importance on the security of personal identification information as evidenced by the creation of an Information Security Group that meets annually and reports to the Board. The group, under the direction of the Convergence Board, oversees the security activities of Convergence and establishes overall security policies and procedures.
  • Security Management – An Information Security Team consisting of a security officer and members responsible for management of information security closely monitors security procedures throughout the organization. The team is responsible for developing, maintaining, and enforcing Convergence’s security policies, including reviewing known incidents and patches as well as the results of vulnerability assessments, and addressing necessary changes to policies.
  • Change Management – A formalized change management system is in place which requires identification and recording of significant changes, assessment of risk and the potential effect of such changes, approval of proposed changes, and testing of changes to verify operational functionality. Proposed changes are evaluated to determine if they present a security risk and what mitigating actions, including employee and user entity notifications, must be performed.
  • Protected Infrastructure – The production system is made up of a virtualized environment. All machines are Microsoft Server 2012 or later operating systems with a Microsoft SQL Server as the backend database. The system is hosted at Flexential (formerly Peak 10) on a Dell VRTX machine with multiple individual computers and onboard SAN. The Flexential facilities employ backup power generators, air conditioning systems, fire detection and suppression systems, and environmental monitoring and alert notification systems.
  • System Access – Role-based security is implemented to limit and control access within systems. Employees are granted logical and physical access to in-scope systems based on approvals by appropriate management personnel. The ability to create or modify user access accounts and user access privileges is limited to authorized personnel. Employees access the system through the web-based operations console, with access to any network resource restricted to the network or, remotely, VPN sign-on. Employee access is monitored by video surveillance and on-site personnel, and it is controlled through the use of card reader systems, codes and biometric readers.

For additional information about how Convergence protects the integrity of client information, click here to download the complete SOC 2 – TYPE 2 Report.

We Would Like to Hear From You!

If you would like more information, please contact us and we will be glad to help you. Whether a potential client or a potential researcher, we’re anxious to work with you!
