SSAE 16 SOC 1 Type II Certified Company
SecureData, Inc. holds a third-party certification demonstrating full compliance with SSAE 16 Type II SOC-1 standards. While many software developers use relatively basic security systems, we protect our clients' privacy through a regularly updated system of strict controls, taking appropriate actions to adapt to new threats in order to provide the best possible experience.
Our SSAE 16 Type II SOC-1 certification ensures consistent safety throughout your ordering process.
Established to ensure standardized security practices among service providers, SSAE 16 is a detailed system of attestation standards used throughout the software development industry. SecureData, Inc. was the first professional data recovery company to earn this credential, which we maintain through annual tests and audits, and we update our practices as needed to provide appropriate protection for our customers.
View our full SSAE 16 Type II SOC-1 audit compliance report and accompanying documents below.
SSAE 16 is an updated version of SAS 70, which is still widely used by service providers. However, it contains a number of important updates, and our compliance report contains a detailed overview of the standards and practices we use to protect personally identifiable information. All information collected by SecureData, Inc. is carefully controlled and handled using up-to-date encryption in compliance with PCI-DSS and other widely used information security laws.
Differences Between SSAE 16 and SAS 70 Security Standards
As mentioned above, SSAE 16 is often considered a continuation of the widely used SAS 70 standards. The primary advantage of SSAE 16 is the addition of attestation requirements, which compel businesses to test their systems and access controls to provide consistent security for their customers.
We maintain full compliance with various privacy laws when handling payment information and other sensitive data.
Attestations are typically carried out by a qualified third party, and the accompanying certification documents show that the data recovery provider is qualified to provide safe services. Over the course of our attestations, we demonstrate the controls that we use to protect our clients' data, including but not limited to our server technologies and encryption algorithms.
We must also demonstrate a process for updating our networks and data storage devices in order to maintain a secure facility. The third-party auditor presents comments, which show whether our security practices are appropriate and whether they operate effectively. The auditor also judges whether our controls sufficiently address the claims made in our submitted reports.
While SSAE 16 Type II SOC-1 is primarily intended for service-industry businesses, software developers can use the credential to demonstrate a preference for secure practices. This is especially important for data recovery software development, as privacy is an important factor when recovering files from any type of system.