We meet and exceed high infrastructure and security standards and maintain SSAE 16 SOC 1 Type II and SOC 2 Type II. This streamlines the process for enterprise customers who are required to comply with industry regulations, such as HIPPA and PCI DDS, and provides additional peace of mind.
SSAE 16 SOC 1 Type 2 Report
Cavern Technologies takes compliance seriously and engages with CBIZ, a third party auditor, to perform annual audits of its financial statements as well as internal controls. Reports are prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. The reports are important elements of Cavern’s evaluation of its internal controls over financial reporting for purposes of the Sarbanes-Oxley Act as well as for external auditors as they plan and perform audits of the financial statements. Cavern is SOC 1 Type 2 Certified which reports on the:
- Fairness of the presentation of Cavern’s description of its systems, and
- Suitability of the design and operating effectiveness of the controls in place to achieve the related control objectives included in the description throughout a specific period.
SSAE 16 SOC 2 Type 2 Report
All data centers managed by Cavern undergo annual audits conducted by an external auditing firm to complete SOC 2 Type 2 reviews. These certifications bring extra assurance of our deep commitment to maintaining the most rigorous standards of excellence for data center operations, corporate controls, security and environmental compliance. SOC 2 certifications are issued by the American Institute of Certified Public Accountants (AICPA) to service organizations who fulfill stringent requirements for management services including:
- Security – System is protected against unauthorized access (both physical and logical)
- Availability – System is available for operation and use as committed or agreed
- Processing integrity – System processing is complete, accurate, timely and authorized
- Confidentiality – Information designated as confidential is protected as committed or agreed
- Privacy – Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.