Lawyers speak a good deal about privacy, but very few data centers in eDiscovery actually meet the SOC 2 standard for privacy.
Atlanta, GA (PRWEB) January 29, 2014
OrcaTec, a pre-eminent provider of predictive coding and advanced analytics for corporations, law firms and governments, today announced it has successfully completed its AICPA Service Organization Controls 2 (SOC 2) Type 2 Examination in three areas. The SOC 2 Type 2 report is an evaluation of OrcaTec’s controls, processes and procedures relevant to the security, confidentiality and privacy of data processed for its clients. Clients with certification and compliance requirements may now leverage OrcaTec’s SOC 2 Type 2 report as part of their compliance strategy and documentation.
The widely recognized SOC certification standard is a replacement and enhancement of the now-defunct SAS 70 exam. The SOC certification has three levels, with Levels 1 and 2 aimed specifically at service organizations. Level 1 is the least demanding examination and the most popular choice for certification. Level 2 is significantly more difficult to obtain. There are five potential areas for rigorous examination in Level 2, with most organizations being certified in just two of these (typically Security and Confidentiality).
“At OrcaTec, due to the long-time trust relationship we have with our financial services and regulatory compliance customers, we felt it important to also be certified in the Privacy standard too, which is a lot more rigorous, covering an additional 83 topics,” said OrcaTec Chief Operations Officer Quin Gregor. In total, OrcaTec was evaluated across 177 separate areas, 176 of which it passed; it was able to rectify the one remaining area immediately.
“The security, confidentiality and privacy of client data is a top priority for OrcaTec. Most companies are content with receiving an SOC 1 rating, which serves their purpose,” said Gregor. “But we believe our clients deserve more, so we were willing to put in the extra time and labor to achieve the unusual step in the eDiscovery market of getting certified as an SOC 2, and an SOC 2 in three areas. It is estimated that only 14% of data centers nationally achieved this certification in 2013, so this is a rare achievement within our market space.”
A company does not “just show up and take the SOC 2 exam,” Gregor pointed out. “This is an area where the corporate culture has to both demonstrate and exude these requirements. It’s one thing to be able to say you follow these requirements; it is another altogether to have a third party assess and agree that you do. It took OrcaTec four years of hard work to position its practices and policies to meet these standards.” The evaluation period spans six months and has to recur yearly for the certification to remain in place. To add to the complexity, OrcaTec has two data centers and personnel around the country.
OrcaTec’s examination was conducted by A-lign™ Security and Compliance Services, an independent accounting and auditing firm, which evaluated OrcaTec’s processes for security, confidentiality and privacy of data analytics and archive services for the period May 1, 2013, through October 31, 2013, with final commentary and conclusion of the examination period occurring in January.
According to the AICPA, an SOC 2 examination represents that a service organization has been through an evaluation of its control activities as they relate to the applicable Trust Services Principles and Criteria. A Type 2 report not only includes the service organization’s system description, but also includes detailed testing of the design and operating effectiveness of the service organization’s controls.
“This examination provides an objective view on the data controls we have on our analytics, predictive coding and archive services, and enables us to show our clients how we are meeting their increasingly stringent data compliance needs,” said Gregor. “Lawyers speak a good deal about privacy, but very few data centers in eDiscovery actually meet the SOC 2 standard for privacy.”
About the AICPA
Founded in 1887, the AICPA represents the CPA profession nationally regarding rule making and standard setting, and serves as an advocate before legislative bodies, public interest groups and other professional organizations. The AICPA develops standards for audits of private companies and other services by CPAs; provides educational guidance materials to its members; develops and grades the Uniform CPA Examination; and monitors and enforces compliance with the profession’s technical and ethical standards.
The AICPA’s founding established accountancy as a profession distinguished by rigorous educational requirements, high professional standards, a strict code of professional ethics, a licensing status and a commitment to serving the public interest.
OrcaTec helps clients address and manage business and legal challenges associated with the discovery and management of unstructured data with advanced analytics and predictive coding technologies delivered in the form of products and services to law firms, corporations and governments. OrcaTec offers a complete suite of textual analytics tools including concept search, visual clustering and predictive coding as part of the OrcaTec Document Decisioning Suite™. The suite provides legal professionals with an all-in-one offering for the analysis and review phases of the electronic discovery process and includes OrcaPredict for predictive coding, early case assessment and first pass document review, OrcaSearch for concept searching, OrcaCluster for visual clustering and OrcaReview for second pass document review. http://www.OrcaTec.com or 888.335.2200 x2.
Questions or comments regarding our Service Organization Control 2 (SOC 2) Report under AT Section 101 should be submitted to OrcaTec by mail or e-mail as follows:
3200 Cobb Galleria Parkway
Atlanta, GA 30330