SOC 2 Report

SOC-Service-website150.jpgThe security of your data is paramount. Lorton Data has a long history of establishing and refining its controls to secure client data in an ever changing, and increasingly connected world.

Lorton Data has been audited by an independent external organization under the requirements of the American Institute of Certified Public Accountants, and has received another SOC 2 Type 2 report for its data center and data processing organization.

What does this mean to you?

SOC 2 makes it easier for you to trust in Lorton Data. Through the SOC 2 audit and reporting process, we affirm our long standing commitment to strong controls and safeguards for handling and processing your data.

The SOC 2 Type 2 report puts strict audit requirements in place and sets a high standard that truly distinguishes Lorton Data from other SaaS data management providers. Because our processes and organization have been independently verified, you can be assured that a high level of internal controls and security are established and maintained. We have documented our internal controls for processing services, supporting our commitment to meeting regulations, standards, and a specific set of criteria as established by a widely recognized national trusted authority.


What is the SOC 2 Type 2 Report?

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

The SOC 2Type 2 report is intended to meet the needs of a broad range of users who require information and assurance about the controls at a service organization that affect the security, availability, and processing integrity the organization uses to process data, as well as the confidentiality and privacy of the information processed by the organization. Examples of stakeholders who may need these reports are management or those charged with governance of the user entities and of the service organization, customers of the service organization, regulators, business partners, suppliers, and others who have an understanding of the service organization and its controls.  

Our SOC 2 report focuses on the Security, Availability, Processing Integrity, and Confidentiality principles.

  1. Security - The system is protected against unauthorized access (both physical and logical);
  2. Availability - The system is available for operation and use as committed or agreed;
  3. Processing integrity - System processing is complete, accurate, timely and authorized;
  4. Confidentiality - Information designated as confidential is protected as committed or agreed;

With SOC 2, an organization can receive either a Type 1 or a Type 2 report. Type 1 merely reports on the suitability of the design of controls as described by management, while Type 2 also tests the operating effectiveness of the controls. Lorton Data has been issued a Type 2 report.