iLobby + SOC 2 Type 2 Compliance
SERVICE ORGANIZATION CONTROLS (SOC) COMPLIANCE
SOC 2, Type 2 is one of the highest levels of security certification for technology companies who store customer data in the cloud and it was established to mitigate the risk and exposure of sensitive data. This certification ensures that iLobby has established internal security controls in place, follows strict information security policies and procedures, and actively monitors to prevent threats and risks. It ensures that we can quickly respond to critical situations and tackle problems right at the source in order to prevent your confidential and sensitive information from unauthorized access or disclosure.
iLobby undergoes technical audits regularly to ensure the safeguarding of your confidential, private, and sensitive information. The SOC 2 Type 2 certification shows iLobby’s commitment to protecting our clients’ data, and ensures that iLobby has strict internal processes for handling your data in order to meet all of the best-practices for security, availability, processing integrity, confidentiality, and privacy.
Here's how iLobby® keeps your data safe while meeting the SOC 2 Type 2 security principle:
Physical and virtual assets awareness
The first step to SOC 2 Type 2 is being able to account for where all pieces of data are stored on site within our office, which regions data centres are located in, and how and where data is stored virtually in the cloud.
System vulnerability identification
Vulnerabilities in iLobby’s systems and processes are assessed and addressed at minimum on a quarterly basis, and audited regularly as part of the compliance and security program.
Threat and intrusion detection (IDS)
iLobby has established processes and practices in place for oversight across all host, network, and cloud environments ensuring that we are aware of any threats across the infrastructure. We actively monitor for malicious or unusual activities, unauthorized system configuration changes, and user access levels. Any intrusions detected raise associated alarms, and are immediately looked into.
Orchestrated incident response
iLobby is able to act quickly to isolate system components in the event of malware infection, and prevent its spread throughout the rest of the network. With automated alerts in place and active monitoring, it makes it easy to identify threats and respond to them instantly to take corrective measures and mitigate risks to your organization or the exposure of data.
iLobby keeps a paper trail and logs all events and actions across our servers, services, and applications, both on premises and in our cloud environment. The data is available centrally in one location, so that we can analyze real-time events, identify trends, assess where threats originated, and make quick decisions about how to respond to risks.
Integrated threat intelligence
iLobby keeps up to date on new threats and vulnerabilities, as well as how to properly address them in order to mitigate any potential risks. Knowledge of the latest cybersecurity threats and vulnerabilities enables proactively identifying potentially problematic changes in data trends, and spotting problems before they become system-wide issues which can lead to the exposure of sensitive data.
File integrity monitoring (FIM)
iLobby actively identifies when and how unauthorized changes were made that could introduce vulnerabilities and risk to the infrastructure. This involves real-time monitoring of changes to files, directories, and the Windows Registry.
Security and compliance reports and view
The iLobby environment is monitored on a day-to-day basis through reporting and dashboard views. Daily scheduled reports to management and regular reporting to auditors ensures that security controls are in place and functioning properly.