ToolWatch | Aug 31, 2022 3:27:45 PM
Your Data Is Safe With ToolWatch
Here's what you need to know about our SOC 2 Type 1 compliance report.
ToolWatch is on a mission to empower your organization to improve productivity by streamlining operations, safety, and profitability, and that includes avoiding data breaches that increase your risk exposure and can disrupt projects and deliverables.
Construction companies run on data, including significant amounts of sensitive financials for both you and your customers. Unfortunately, the construction industry was the third most targeted industry by ransomware in 2021.
The stories we’ve heard over the years include firms that were targeted and lost millions and billions of dollars attempting to recover from attacks. Security is no joke, and a breach could end up shutting down your entire operation for months. At ToolWatch, we want to eliminate your security concerns with the use of our solutions for all parties involved.
Although the compliance and protocol standards by which our company operates are stringent, we chose to take the voluntary steps of engaging with an independent auditing firm to verify and assess the design of our security processes. We understand the risks your company faces on a daily basis, and we are pleased to announce that after a thorough review of our systems, processes, and operations by an independent auditor, ToolWatch received its SOC 2 Type 1 compliance report. This report verifies that we operate at the highest standards of data privacy and security policies.
Our newly acquired EHS management solution, Safety Reports, falls under this report umbrella as well. This milestone reflects our shared commitment to protecting your data in the era of ransomware attacks across the globe.
What is SOC 2?
Developed by AICPA, the most influential body of certified professional accountants worldwide, SOC 2 is used to evaluate how companies manage customer data according to five trust service principles:
- Security
Are system resources protected against unauthorized access? Involves IT security tools such as network and web application firewalls, two-factor authentication, and intrusion detection.
- Availability
Is the system accessible as stipulated by the contract or service level agreement? Involves monitoring network performance and availability, site failover, and security incident handling.
- Processing integrity
Does the system deliver complete and accurate data in a timely fashion and at an authorized rate? Involves monitoring of data processing coupled with quality assurance procedures.
- Confidentiality
Is the access and disclosure of data restricted to a specified set of persons or organizations? Involves network and application firewalls, rigorous access controls, and data encryption.
- Privacy
Does the company conform to its own privacy policy (as well as AICPA’s privacy principles) regarding the collection, use, retention, disclosure, and disposal of personal information?
Though it may seem odd for CPAs to lead the charge on data security, data mishandled by third-party vendors left many enterprises vulnerable to data theft and extortion. AICPA thus developed SOC 2 to protect the financial well-being of its members’ customers around the globe.
How does the SOC 2 process work?
No two SOC 2 audits are the same, as there is no rigid framework for companies to comply with. Instead, AICPA-licensed SOC 2 auditors design controls that are in line with each specific business case. These controls are built on one or more of the five trust service principles we shared previously.
If you wish to review the report produced by our AICPA-licensed SOC 2 auditor, please submit your request with the following form: