Building a secure future for our clients with SOC 2 certification
One in five Canadian businesses were the victim of a cyberattack in 2021, according to Statistics Canada. Since then, attacks threatening data security have become even more frequent and sophisticated. The message is clear: poorly managed data and systems can make businesses more vulnerable to data theft, malware, extortion and other types of cyberattacks.
At Logient, we’re obtaining SOC 2 certification to improve our security culture and ensure the protection of our customers’ data as we continue our journey toward organizational excellence. But what does this certification actually mean and how will it impact our customers?
A brief overview of SOC 2
Service Organization Control 2 (SOC2) is one of the most recognized security and data stewardship programs in North America. It includes five trust service principles, or TSPs, developed by the American Institute of CPAs (AICPA). These principles ensure that companies apply the highest standards of security, availability, data processing integrity, privacy protection and confidentiality.
To obtain this rigorous certification, a company must implement specific practices related to these five principles, in addition to successfully completing a series of control measures for human resources management, systems and processes. These verifications make it possible to demonstrate that the criteria will be maintained over time. Here’s what is evaluated based on each criterion:
- Security: Protection of data, at all times, against unauthorized access.
- Availability: Continuous accessibility and maintenance of the systems that host and process data.
- Confidentiality: Classification of sensitive and private data, without exception, including control and protection linked to accessibility.
- Integrity of processing: Data that is complete, accurate, validated, verified and quickly accessible to authorized persons.
- Privacy protection: Processing data in accordance with the promises set out in the company’s privacy policy.
As part of the certification process, Logient is targeting three of these five criteria: security, availability and confidentiality.
Two types of SOC 2 certifications
Type 1: Verification checks are carried out on a specific date. In Logient’s case, we obtained SOC 2 Type 1 certification in October 2023.
Type 2: Controls are carried out over a specific period to assess whether the organization is able to maintain the organizational and technical measures put in place. Obtaining SOC 2 Type 2 certification is one of our objectives in 2024.
Why is this certification important to us and to our customers?
Providing secure services has always been a priority for Logient. Since 2016, we have integrated cloud computing solutions offered by Microsoft and AWS into our practice. This allows us to benefit from their robust infrastructure while focusing on our specialty: developing tailor-made solutions. In 2021, anticipating the need for SOC 2 certification and seeing the additional constraints requested by insurers, we undertook several projects aimed at increasing our security culture, including the launch of a security awareness program, along with multi-factor authentication and zero trust control access.
SOC 2 is the logical culmination of our actions. It is not just a certification or a simple exercise with boxes to check; it is a testimony to our commitment to secure and responsibly manage our customers’ data through a strict and rigorous compliance framework. SOC 2 compliance involves a process of continuous improvement that requires us to evaluate and optimize our systems and processes. The goal? Reduce our organizational risk of security breaches—for us and for our customers. For a company like Logient that has experienced strong growth through acquisitions, SOC 2 compliance is a sign of organizational maturity.
“The SOC 2 certification is a concrete demonstration that we take security and organizational excellence seriously for our customers.It’s not just about protecting data.This approach helps us establish and maintain the bond of trust that we have with our customers and partners by demonstrating to them, through a series of concrete actions, that we prioritize and invest in our culture of continuous improvement.Our customers can be assured that the solutions we develop and maintain for them are secure and robust and that we are a partner they can rely on,”says Mathieu Abbott, vice-president of operations at Logient and head of the SOC 2 program.
Logient in action
This initiative involves a holistic approach affecting all aspects of the organization. In total, 74 control measures were formalized and/or implemented during this financial year. In our human resources department, we have—among other things—formed a security and confidentiality committee that has piloted several initiatives, including training and education for employees and the development of policies guiding our actions. We also revised our risk matrices and tested our various contingency plans related to business continuity, disaster recovery and response in the event of an incident. The changes have been numerous, as have the benefits.
Thanks to this new certification, we have made significant progress in our quest for organizational excellence and have implemented concrete actions aimed at providing a safe environment for our clients. This approach directly contributes to the achievement of our clients’ business objectives and makes us particularly proud. Now, on to obtaining SOC 2 Type 2 certification!