Your Data Is Safe With ToolWatch
Here's what you need to know about our SOC 2 Type 2 and SOC 3 compliance report.
ToolWatch is on a mission to empower your organization to improve productivity by streamlining operations, safety, and profitability, and that includes avoiding data breaches that increase your risk exposure and can disrupt projects and deliverables.
Construction companies run on data, including significant amounts of sensitive financials for you and your customers. Unfortunately, the construction industry was the third most targeted industry by ransomware in 2021.
The stories we’ve heard over the years include firms targeted and lost millions and billions of dollars attempting to recover from attacks. Security is no joke, and a breach could shut down your entire operations for months. At ToolWatch, we want to eliminate your security concerns by using our solutions for all parties involved.
Although the compliance and protocol standards by which our company operates are stringent, we chose to take the voluntary steps of engaging with an independent auditing firm to verify and assess the design of our security processes. We understand the risks your company faces daily, and we are pleased to announce that after a thorough review of our systems, processes, and operations by an independent auditor, ToolWatch received its SOC 2 Type 2 and SOC 3 compliance reports. These reports verify that we operate at the highest data privacy and security policies standards.
Our safety management solution, Safety Reports, also falls under this report umbrella. This milestone reflects our shared commitment to protecting your data in the era of ransomware attacks across the globe.
What is SOC 2?
Developed by AICPA, the most influential body of certified professional accountants worldwide, SOC 2 is used to evaluate how companies manage customer data according to five trust service principles:
Are system resources protected against unauthorized access? Involves IT security tools such as network and web application firewalls, two-factor authentication, and intrusion detection.
Is the system accessible as stipulated by the contract or service level agreement? It involves monitoring network performance and availability, site failover, and security incident handling.
- Processing integrity
Does the system deliver complete and accurate data promptly and at an authorized rate? Involves monitoring of data processing coupled with quality assurance procedures.
Is the access and disclosure of data restricted to a specified set of persons or organizations? Involves network and application firewalls, rigorous access controls, and data encryption.
Though it may seem odd for CPAs to lead the charge on data security, mishandled data by third-party vendors left many enterprises vulnerable to data theft and extortion. AICPA thus developed SOC 2 to protect the financial well-being of its members’ customers around the globe.
How does the SOC 2 process work?
No two SOC 2 audits are the same, as companies have no rigid framework to comply with. Instead, AICPA-licensed SOC 2 auditors design controls aligning with each business case. These controls are built on one or more of the five trust service principles we shared previously.
What is SOC 3?
SOC 3, also known as Service Organization Control 3, is a compliance report that verifies a company's adherence to the principles of SOC 2: security, availability, processing integrity, confidentiality, and privacy. A SOC 3 report provides a high-level summary of the company's SOC 2 report. It is essential for construction companies as it demonstrates their dedication to safeguarding customer data and mitigating any risk that can disrupt operations and lead to significant loss.
If you wish to review the report produced by our AICPA-licensed SOC 2 auditor, please submit your request with the following form: