NT-ware achieves SOC 2 Type 2
Why get assessed according to SOC 2 Type 2 after SOC 2 Type 1?
SOC 2 is a widely recognized standard for service organizations, particularly those operating in the cloud, to ensure they effectively manage and protect customer data. At NT-ware, it is a top priority to protect customer data and maintain trust in its products and technologies. In line with its commitment to the highest security and data protection standards, NT-ware chose to build on its SOC 2 Type 1 certification by immediately pursuing SOC 2 Type 2. While SOC 2 Type 1 provides a snapshot of implemented controls at a specific time, SOC 2 Type 2 evaluates how effectively those controls operate over an extended period. This long-term assessment offers stronger assurance of NT-ware’s ongoing compliance and operational maturity. Moreover, SOC 2 Type 2 is widely recognized and valued by organizations of all sizes, making it a natural next step in demonstrating NT-ware’s dedication to security and reliability.
Going beyond the minimum audit requirements in terms of matter and time
Already with SOC 2 Type 1, NT-ware decided to go beyond the minimum standards regarding the assessment criteria. Instead of focusing on “Security” as the only mandatory, it achieved compliance with all five Trust Services Criteria defined by the American Institute of Certified Public Accountants (AICPA):
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
Consequently, the same criteria were applied again with the SOC 2 Type 2 audit. Since the longest possible SOC 2 Type 2 audit period provides a more detailed and comprehensive assessment of the environment, NT-ware opted for a year-round audit instead of a three- or six-month assessment period.