TulsaConnect's facilities and operations have been SOC1 and SOC2 Type 2 audited.
What is SSAE SOC1 and SOC2 Type 2?
SOC is an acronym for "System and Organization Controls". It is an accounting standard developed by the American Institute of Certified Public Accountants that audits the internal controls of service organizations, such as TulsaConnect. It was created to help identify those organizations willing to hold themselves to a very high level of standards.
What happens during a SOC1 and SOC2 Type 2 audit, and what types of things do they look at?
During a SOC1 and SOC2 Type 1 audit, the auditor examines the controls that the service organization claims to have in place at a specific point in time and issues an opinion on if those controls are appropriate and effective. A Type 2 audit is similar to a Type 1 audit, except the controls are tested over a longer period (typically 6 months or longer). SOC1 primarily looks at financial controls, while a SOC2 looks at operational and security controls.
What is a "control"?
A control is a process, policy, or tool that you have in place which is designed to enforce a specific claim. For example, TulsaConnect has controls in place to ensure that only authorized personnel have physical access to our Data Centers. These controls consist of biometric security devices, entry/exit logs, and record-on-motion security cameras. All customer access to the facilities are via TulsaConnect escort only.
Why is SOC1 and SOC2 Type 2 Important for TulsaConnect?
Having a report available for our customers demonstrates our commitment to complete transparency into our policies, procedures, and controls. In addition, having TulsaConnect's SOC1 and SOC2 Type 2 report available may simplify any internal or external audits that a customer organization may be subject to.
