Service Organization Control (SOC 1, SOC 2 and SOC 3)

Service Organization Control (SOC)

A SOC 3 Report is a generic report on how a company safeguards the data and how they perform the operations and how well those controls are operating.

It includes the principles of Security, Availability, Confidentiality, Privacy, and Integrity.

Adhering to SOC makes SaaS providers work on perfect standards for cloud security, identity and access management, mobile security, vulnerability management, and many more.

1. What is the need of SOC Compliance?

SOC requires organizations to establish and follow strict information security policies and procedures, encompassing the security, availability, privacy, integrity, and confidentiality of customer data—the five trust service principles.


2. How is miniOrange compatible with SOC Principles?

SOC aim’s to evaluate an organization’s hosted security system and the data stored by the company or processed in reference to security, processes, availability, integrity, confidentiality, or privacy.


  1. 2.1. How miniOrange follows Security Practices?

  2. The security principle implies, too, how the company’s resources are protected against unauthorized access. Access controls help in the prevention of potential system misuse, software ill-use, theft or unauthorized removal of secured data, and inappropriate alteration or disclosure of information.

    This can be overcome by implementing strong authentication, intrusion detection systems, and so on. miniOrange follows this principle by handling all the data at the secure AWS Databases.

    Click here to know more about security practices.

  3. 2.2. What is miniOrange’s product availability?

  4. It is the accessibility of the Company’s products. This includes performance monitoring, security incident handling, disaster recovery, and so on. miniOrange provides the details of each incident handling through its Disaster Recovery Policy and the monitoring through the report provided by AWS in the next section.

  5. 2.3. Processing integrity

  6. The processing integrity principle focuses on if a system achieves its purpose or not. For example, if it delivers the right data at the right price at the right time. Accordingly, secured data processing has to be complete, valid, accurate, timely, and authorized.

    This includes quality assurance, processing monitoring, and so on.

  7. 2.4. Confidentiality

  8. Confidentiality of the data is handled by following all the principles with respect to the GDPR Guidelines. Along with this, we make sure the data disclosure is done with specific personnel and restricted access. This also includes encryption while transferring any data over the network and or processing the data through the internal systems.

  9. 2.5. Privacy

  10. The privacy principle implies that the company’s collection, use, retention, disclosure, and disposal of personal information is restricted in accordance with the organization’s privacy notice.

    miniOrange privacy policy mentioning all the details of how the information is collected, stored, processed and restricted from unauthorized access. Data Retention Policy will define how the unused data is archived and deleted through our systems.



3. Disclosure of the Report

miniOrange takes care of the clients and provides the disclosure as much as possible. If you want to access or know more about the AWS Report, please contact us info@xecurify.com.

We ensure that we will try to provide the best we can.


Frequently Asked Questions(FAQs)

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com