SOC 2 compliance for UC: An overview

July 10, 2019 Matthew Marion

The financial services industry is no stranger to the increasing threat of security breaches. In fact, financial service firms experience cybersecurity attacks 300 times more frequently than businesses in other industries, and that rate is only increasing.1 These organizations must constantly evolve the ways they tackle security, and the rising adoption of SaaS, unified communications as a service and cloud computing, adds yet another list of considerations to the security conversation.

Financial services company with SOC 2 compliant unified communications

The benefits of services like cloud-based unified communications solutions are clear and essential to providing a great customer experience in an increasingly competitive industry. However, when you consider the amount of sensitive information that can be stored on company systems like phones, voicemail, call recordings, chat and collaboration tools, enlisting a communications provider that has proper security controls in place is more important than ever.

The number of security controls to maintain is significant and far-reaching. It can be difficult enough to ensure your own business abides by these controls, let alone the vendors you work with. The simplest way to ensure your service provider is up to the task is to request their SOC 2 report which will address those security controls and much more.

The importance of SOC 2

Developed by the American Institute of CPAs (AICPA), SOC 2 is a comprehensive list of controls governing data protection technologies and processes, covering five key principles: security, availability, processing integrity, confidentiality and privacy. A SOC 2 report can only be provided by an independent third-party CPA firm, ensuring you’re not just taking the service provider at their word. The SOC 2 Type 2 Report audits the implementation, design, and operating effectiveness of these controls over a set time period and puts strict audit requirements in place to address the demands in the marketplace for assurance over non-financial controls.

The completion of such an examination demonstrates the service provider’s commitment to meeting stringent security standards, giving your financial firm the confidence it needs before deciding on a provider. These reports, however, do expire so it is important to find a provider that not only has a current report but plans to continue updating them.

Security breaches will only continue to grow in sophistication, and the valuable data within the financial services industry will always be a prime target. Before selecting a unified communications provider, be sure they are embracing these security standards as part of their current and ongoing strategy.


The post SOC 2 Compliance for Unified Communications: Why it Matters and How to Ensure it appeared first on Windstream Enterprise.


About the Author

Matthew Marion

Matthew Marion is a Senior Product Manager at Windstream Enterprise supporting the OfficeSuite UC® product suite, where he is responsible for the Contact Center Services portfolio, maintaining product compliance and security regulations, as well as business continuity initiatives.

Follow on Linkedin More Content by Matthew Marion
Previous Article
5 key UC components every enterprise needs
5 key UC components every enterprise needs

Looking for a UCaaS provider? To find the right match for you, focus on these 5 essential components as you...

Next Article
How AI is changing business communications
How AI is changing business communications

AI is everywhere: productivity apps predict user preferences; chatbots engage customers to solve problems i...


Have questions? Chat with a Windstream network expert

First Name
Last Name
Phone Number
Thank you!
Error - something went wrong!