Management Science Associates, Inc. (MSA) owns and operates Western PA’s only pair of fully regionally redundant data centers. These highly secure facilities are among the best data centers in the region. These outstanding facilities are at the core of MSA’s entire suite of solutions, from colocation to cloud services, and from DR to managed services, just to name a few.
MSA has been a fixture in Pittsburgh’s IT community for over 50 years and our Tier III data centers represent the best and latest in technology, security, and network connectivity.
Introduction to SOC
Systems and Organization Controls (SOC) is a series of standards that exist to help measure how well a service organization conducts and regulates its information. Companies must have sufficient procedures in place to protect clients’ data to receive SOC certification.
SOC 1 reports on the service organization’s controls related to its clients’ financial reporting.
SOC 2 reports build on the financial reporting basis of SOC 1 and require standard operation procedures for organizational oversight, vendor management, and regulatory oversight.
SOC 2 Framework
The SOC 2 framework includes five key sections, forming a set of criteria referred to as the Trust Services Principles. These include:
- The security of the service provider’s system
- The processing integrity of this system
- The availability of this system
- The privacy of personal information that the service provider collects, retains, uses, discloses, and disposes of for user entities
- The confidentiality of the information that the service provider’s system processes or maintains for user entities
Type 1 vs Type 2
- Type 1 reports involve policies and procedures that were placed in operation at a specific moment in time.
- Type 2 reports involve policies and procedures over a specific time period; for this more rigorous designation, systems must be available for a minimum of six months.
Peace of Mind
Performance and reliability are paramount when working with cloud and other IT delivery models, and is often required by regulators, examiners, and auditors. MSA’s successful completion of the grueling process to achieve SOC 2 Type 2 certification serves as documentation of its ongoing commitment to keeping client’s sensitive data available and secure.