Corporate security and your compliance training.

You may be wondering how corporate security and your compliance training tie together. Maybe we’re referring to having your learners take a course on security? Well, that’s not the topic for today.

We want to discuss the security of your training records, which includes personal information on your learners, such as their names and email addresses and what training they’ve completed (or not). Then there’s the information about your Compliance Officer or account administrator.

Why is this a concern? Attacks by email (phishing) are becoming commonplace these days. There’s a lot of talk about ‘social engineering’ being used to breach your company’s network. It doesn’t matter how big or how small your company is – the bad guys want in. Here’s an example.

In 2020, a healthcare provider had two employees targeted through a phishing attack (in this case, spear phishing). Somehow, the criminals got enough information about the company and/or the employees to craft a convincing message, which is not difficult to do (see the phishing link above for more details). Through those two compromises, attackers then accessed more employee email accounts and, eventually, patient records. The information accessed included names, birthdates, banking information, drivers’ licenses and more. The illicit access lasted for several weeks before it was discovered and shut down. Subsequently, the company’s reputation was in tatters.

Your company’s efforts alone aren’t enough anymore. What about service providers who hold data about your company, your employees or your network? Are they vulnerable? What can they do to mitigate their vulnerabilities, and how can you be confident in them?

This is where the SOC 2 certification comes in. Before we get into some details, we want you to know that Tamlo’s learning platform, called RapidLMS, is SOC 2 compliant. The email addresses, names and all identifiable information of your employees are well protected.

What is SOC 2 Certification, and Why Does It Matter?

SOC 2 certification is a term you might encounter when looking for a software or service provider. But what does it really mean, and why should you care?

SOC 2 Certification: A Trustworthy Seal

Think of SOC 2 certification as a seal of approval that says, “This company takes data security seriously.” It’s a rigorous audit process that ensures a company has implemented the necessary controls to protect your sensitive information. To maintain certification, a company must undergo a full-scope security examination annually.

Why is SOC 2 Important?

When you share personal or business data with a company, you’re putting your trust in them to keep it safe. SOC 2 certification gives you peace of mind knowing that they’ve taken steps to prevent data breaches and protect your privacy.

What Does SOC 2 Cover?

SOC 2 covers five key areas:

  • Security: Protecting your data from unauthorized access.
  • Availability: Ensuring your data is accessible when you need it.
  • Processing integrity: Making sure your data is processed accurately and completely.
  • Confidentiality: Keeping your data private and confidential.
  • Privacy: Protecting the personal information of individuals.
 
So, Should You Look for a SOC 2 Certified Provider?

Absolutely! A provider’s SOC 2 certification shows that they’re committed to data security and privacy. It’s a sign that they’ve invested in the necessary measures to protect your information, making them a reliable and trustworthy partner.

In Conclusion

While SOC 2 certification might sound technical, it’s a simple concept. It’s a way to ensure that the companies you do business with are taking the necessary steps to protect your data. So, the next time you’re looking for a software or service provider, ask if they’re SOC 2 certified.

If you’re already training with Tamlo International, you can rest assured that your records are well secured. Working together, we can SOC(it)2 the bad guys.