Choosing Security-Audited Technology Partners

By NE Docs | September 1, 2022

How can you help assure that your data is safe and secure?

Increasingly, companies of every size face security threats that pose risks to their business continuity. Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC’s “2021 Ransomware Study.” The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January 1 to July 31, 2021. This represents a 62% year-over-year increase.

Even small businesses are susceptible. Recent statistics show, “43% of cyber-attacks target small businesses. 60% of small businesses that are victims of a cyber-attack go out of business within six months.”

These attacks often occur because of slack security policies, whether internal or external to your organization. For example, how can you know if the vendors whose services you use are secure? states, “It’s your risk, so you have to select vendors that are going to protect your risk interests well.” Today’s enterprise best practices include working with technology vendors who are security audited.

Risks with Unaudited Vendors

Checking if your vendors have been audited and looking into the quality of the audits can help you avoid questionable service offerings and untested systems. notes, “A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it conforms to an established set of criteria. A thorough audit typically assesses the security of the system’s physical configuration and environment, software, information handling processes, and user practices.”

There are several warning signs that a vendor is not maintaining secure IT safeguards and it generally includes missing and poorly managed protocols. Risk factors may be found in:

  • Security policies
  • Vulnerability scanning and penetration (pen) testing
  • Two-factor authentication for remote access users
  • Dedicated and resolute security staff
  • Disaster recovery (DR) plan or business continuity plan
  • Centralized log management
  • Intrusion Prevention System (IPS)
  • Data Loss Prevention (DLP) or critical data control plan
  • Patching
  • Network architecture and data flow map

Security Audited Technology Services also writes about, “…three main types of security diagnostics, along with vulnerability assessments and penetration testing. Security audits measure an information system’s performance against a list of criteria. A vulnerability assessment is a comprehensive study of an information system, seeking potential security weaknesses. Penetration testing is a covert approach in which a security expert tests to see if a system can withstand a specific attack. Each approach has inherent strengths and using two or more in conjunction may be the most effective approach.”

NEdocs has been providing secure technology services to its clients for nearly 40 years. As one of our managers notes, “We go through a pretty extensive one [security audit], one that some of our competitors do not do, which sets us apart from others in the industry.” To give our clients confidence when sharing their data, we subject our company to be tested for three trust factors: security, availability and confidentiality.

Our firm voluntarily completes SOC 1 and SOC 2 Type 2 audits. SOC 1 audits provide a certified assessment and report on an organization’s capability and commitment to delivering secure services to its clients. SOC 2 Type 2 audits cover the AICPA Security and Availability Trust Services Principles for document scanning and records storage solutions in both its Manchester and Hooksett, NH locations. The SOC 2 Type 2 report is an objective audit conducted by a third party in accordance with attestation standards established by the American Institute of Certified Public Accountants/AICPA. These standards require a thorough examination to obtain reasonable assurance about whether controls are suitably designed for the enterprise and operating to meet applicable trust services criteria.

In addition to the physical security of its buildings, NEdocs has established internal controls, policies, and procedures that ensure compliance with prominent regulatory standards, including:

  • SOC 1 and SOC 2 Audits
  • Privacy and GLBA
  • Massachusetts CMR17
  • Fair Credit Reporting Act

By working with SOC-certified technology partners like NEdocs, you benefit from knowing that we have passed an objective, third-party audit of internal controls, policies, and procedures by an independent certified public accountant. This illustrates the strength of our business practices and operating environment. You may rest assured that our internal controls are tested and secure for your data and document safety.

For further information about how our secure services can protect your data and documents from cyber-attacks, intrusion attempts, disasters, loss, and theft, give us a call at (603) 625-1171.

Leave a Comment

Your email address will not be published.