SOC 2: Securely Digitizing the Built Environment

Our voluntary commitment to higher standards of security for your building data

March 28, 2024
|

In the world of architecture, engineering, and construction, every detail matters. From the foundation to the final touches, integrity and trust are the cornerstones of every project. But in our digital age, these values extend beyond the physical build. They are crucial in the digital realm, where project data is managed from the initial design phase and remains vital for maintenance and future modifications long after the physical structures are completed. That's where SOC 2 comes in.

SOC 2, or Service Organization Control 2, is not just another compliance requirement. It's a commitment to the highest standards of data security, availability, processing integrity, confidentiality, and privacy.

For Integrated Projects, SOC 2 stands as a testament to our unwavering dedication to data protection. It's about building a framework that safeguards every bit and byte, just as securely as the physical structures we create.

Imagine leaving your blueprints, financial data, and client information unprotected. The risk? It's like leaving the keys to your building site for anyone to find. SOC 2 compliance means your data is locked up tight, only accessible to those who truly need it.

Achieving SOC 2 compliance is not a one-time event but a continuous process of improvement. It involves regular audits, constant monitoring, and an unwavering commitment to data protection.

For the AEC industry, SOC 2 is a building block for creating durable, secure, and trusted relationships with clients. By embracing SOC 2, we're not just protecting data; we're constructing a future where every project stands strong on the foundation of security and trust.

Join us in building a secure future for your building data. 

Pillars of SOC 2

  1. Security: This is the foundational criterion. It involves protecting system resources against unauthorized access, disclosure of information, and damage. Security measures often include access controls, firewalls, and intrusion detection systems to ensure that only authorized individuals can access sensitive information.
  2. Availability: This criterion focuses on ensuring that the system, product, or service is available for operation and use as committed or agreed. This involves monitoring network performance, site failover, and disaster recovery procedures. The goal is to ensure that services are available as expected by users and commitments.
  3. Processing Integrity: This pillar ensures that system processing is complete, valid, accurate, timely, and authorized. It aims to ensure that data processing operations function as intended, without error, delay, omission, or unauthorized manipulation.
  4. Confidentiality: This involves protecting information designated as confidential from unauthorized access and disclosure. Confidentiality measures are typically applied to data that is meant to be restricted to a certain group of individuals or organizations, such as business plans, intellectual property, internal price lists, and other sensitive information.
  5. Privacy: The privacy criterion focuses on the system’s collection, use, retention, disclosure, and disposal of personal information in conformity with the organization’s privacy notice, as well as with criteria set out in the AICPA’s Generally Accepted Privacy Principles (GAPP). This ensures that personal information is handled in a manner consistent with the disclosures made to the users at the time of collection and in compliance with privacy principles.

SOC 2 Type 2 reports not only consider the design of controls (like SOC 2 Type 1) but also their operational effectiveness over a defined period of time, providing an assurance that the controls have been operating effectively to meet the Trust Service Criteria throughout the reporting period. This makes SOC 2 Type 2 an important benchmark for security-conscious businesses and their clients.

Our Security Partners

  • Vanta - Security Platform and Automation
  • Advantage Partners - Auditors
  • VioletX - Security Consultants (Build policies, implement documentation, assist with controls)
Recently Featured