In March 2018 we wrote to you announcing Seal Software achieved a regulatory compliance milestone with its first SOC (Service Organization Control) 2 Assessment. This was a Type 1 audit (point in time/snapshot) covering the core Security criteria, also known as the common criteria. As we continue to invest in legal AI technology and efficient contract discovery & analytics processes around our Seal Cloud Services (SCS) offering, we are proud to announce that in December of 2018 Seal completed its SOC 2 Type 2 certification. Whereas a Type 1 audit shows you have controls in place, a Type 2 shows that not only have you defined them, but you are in regulatory compliance with the controls. The SOC 2 Type 1 is a report on the effectiveness of your organization’s security controls at a specific point in time. The SOC 2 Type 2 measures these same controls, but over a period of time.
While Security is the only criterion required in a SOC examination, we chose to include two of the four optional Trust Services Criteria within our Type 2 examination scope. We included these two additional criteria to add value and integrity to our cloud contract analytics technology.
SOC 2 Trust Services Criteria Implemented by Seal Cloud Services:
- Security – The system is protected against unauthorized access, both physical and logical. This is the core principle, and everything else is built on top of it.
- Availability – The system is available for operation and use as committed or agreed. We offer a commitment around our system availability, and these are the controls that underpin this commitment.
- Confidentiality – Information designated as confidential is protected as committed or agreed. This applies to how data is managed and processed and, when its time is up, how it is disposed of.
Recent Changes to SOC 2 Standard for Regulatory Compliance
The SOC 2 regulatory compliance standard is not static; it reflects the changing needs of service clients. The Trust Criteria for the various SOC principles were updated at the end of 2018. Some highlights include:
- Demonstrating a commitment to integrity and ethical values
- Performing ongoing or periodic evaluations of internal controls
- Addressing risk management and incident management at a more detailed level
The SOC 2 Type 2 audit is just one aspect of Seal’s commitment to regulatory compliance, privacy and security. In 2018, we also implemented a range of technical and process controls and conducted extensive internal training in order to comply with GDPR assessment and other privacy laws. We continue to implement new controls, invest in legal AI technologies to automate contract analytics processes where possible and add additional layers of security to our Defense in Depth cloud protection.