Data security as well as reliable and safe processing of customer data is our top priority. After having obtained the SOC 2 Type 1 report, we have also completed the System and Organization Controls 2 (SOC 2) Type 2 examination of HoloBuilder™, FARO Sphere® XG and Sphere® Legacy.
Obtaining the internationally recognized SOC 2 Type 2 attestation demonstrates FARO ’s secure organizational posture for optimum safety regarding the Trust Service Criteria (TSC), i.e. information security, availability, processing integrity, confidentiality, and privacy.
Key differences between a SOC 2 Type 1 and a SOC 2 Type 2 report
The SOC 2 audit testing framework is based off of the Trust Services Criteria (TSC) set up by the American Institute of Certified Public Accountants (AICPA), which are used to identify various risks (points of focus) an organization should consider addressing.
The SOC 2 Type 1 report focuses on a company's safety controls at a given time. It evaluates whether the control systems for security and compliance are designed and put in place correctly and are suited to protect customer data. However, it does not provide any assurance regarding the effectiveness of these control systems over time.
The SOC2 Type 2 report evaluates the effectiveness of a company's safety controls over a period of time, typically between 6 to 12 months. The audit does not only verify whether the control systems are designed and put into place correctly, but also whether they are effective during the specified period.
Who conducted the SOC 2 Type 2 audit?
The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.
How does this affect you?
Obtaining the subsequent SOC 2 Type 2 attestation provides you with confirmation that FARO is meeting our documented security and availability standards. These include:
Security processes adhering to industry best-practices
Efficient and holistic disaster management procedures
Documented and efficient processes concerning sensitive data
How can you request a copy of the report?
Your FARO sales contact person can send you a non-disclosure agreement which you must sign and then send back. Upon receipt of the signed non-disclosure agreement the FARO contract desk will send you a .pdf copy of the SOC 2 Type 2 report.