Data security. A top priority.
The security of your data is paramount. Lorton Data has a long history of establishing and refining its controls to secure client data in an ever changing and increasingly connected world.
Lorton Data is audited annually by an independent external organization under the requirements of the American Institute of Certified Public Accountants, and each year receives a SOC 2 Type 2 report for our data center and data processing.
The SOC 2 Type 2 report puts strict audit requirements in place and sets a high standard that truly distinguishes Lorton Data from other SaaS data management providers. Because our processes and organization have been independently verified, you can be assured that a high level of internal controls and security are established and maintained. We have documented our internal controls for processing services, supporting our commitment to meeting regulations, standards, and a specific set of criteria as established by a widely recognized national trusted authority.
Lorton Data’s SOC 2 Type 2 report covers controls relevant to security, availability, and confidentiality or privacy.
Our SOC 2Type 2 report is intended to meet the needs of a broad range of users who require information and assurance about the controls at a service organization that affect the security and availability, as well as the confidentiality and privacy of the information processed by Lorton Data.
Examples of stakeholders who may need these reports are management or those charged with governance of the user entities and of the service organization, customers of the service organization, regulators, business partners, suppliers, and others who understand the service organization and its controls.
Lorton Data’s SOC 2 report focuses on the security, availability and confidentiality principles.
- Security – The system is protected against unauthorized access (both physical and logical).
- Availability – The system is available for operation and use as committed or agreed.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
With SOC 2, an organization can receive either a Type 1 or a Type 2 report. Type 1 merely reports on the suitability of the design of controls as described by management, while Type 2 also tests the operating effectiveness of the controls. Lorton Data has been issued a Type 2 report.