Thrive Expands SOC 2 Practices
Keeping our stakeholders’ data secure is our top priority. To ensure that the management of Thrive Career Wellness Inc. has maintained effective controls over the security of its Career Wellness Platform system, Thrive has undergone a SOC 2 examination resulting in a CPA’s report.
As the threat of breaches in cybersecurity continues to grow, the System and Organization Controls (SOC) 2 report has become a standard in attesting to a safe digital environment and safeguarding the trust of clients.
The engagement was performed by BARR Advisory, P.A. This is the third year in a row that Thrive has undergone this assessment and successfully completed the examination.
What is a SOC 2 Report?
A SOC 2 report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls used by the service organization to process customers’ information.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting CPA’s report functions as a tool to help an organization communicate whether the internal controls they’ve put in place governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably.
What does a SOC 2 report cover?
All SOC 2 examinations are performed by accredited CPA firms under the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls outlined by the organization and then maps those controls to one or a combination of Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
In our case, those criteria include:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
The scope of a SOC 2 report can also vary based on the period covered.
SOC 2 Type I reports examine an organization’s controls at a single point in time and include a list of the controls tested.
SOC 2 Type II reports examine controls over a period of time, usually between three and 12 months, and include both a list of the controls tested and the auditor’s test results. The reporting period for Thrive’s latest SOC 2 report spanned from October 1, 2022, to September 30, 2023.
Why did we undergo a SOC 2 exam?
Completing a SOC 2 examination is part of Thrive’s continued efforts to demonstrate our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape.
“We are pleased to announce that our SOC2 report positively reflects our robust security controls,” expressed Tristan Toye, Chief Technology Officer. “It tangibly reinforces our commitment to the integrity of our product and digital security of our customers. Our work spans from SMBs to Fortune 500 companies, both in the private and public sectors at various levels of government programs, and this breadth of engagement underscores the importance of our practices meeting the diverse needs of our customers and users.”
ABOUT BARR Advisory
BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest-growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.