As of May 2, 2022, we’re proud to announce that Inkit has achieved SOC 2 Type II compliance, under American Institute of Certified Public Accountants (AICPA) standards for: SOC for Service Organizations (also known as SSAE 18).
Achieving this standard with a qualified opinion serves as third-party validation that Inkit Inc provides enterprise-level security for customers’ data secured in the Inkit Inc System.
Inkit provides a cloud-based document generation platform for its users and its latest certification highlights the organization’s ability to protect any customer data collected during operations.
SOC 2 covers the criteria as laid down by the AICPA. These criteria determine how customers' data should be managed and includes:
- Confidentiality: This criterion covers network firewalls, encryption, and control of access. The principle of confidentiality implies that data that is meant to be private should be secured in an airtight manner. Data or information of either the company or its customers should be confidential.
- Security: This criterion covers technologies to detect intrusion and 2-FA (2-factor authentication). Data should be securely guarded against unwanted access, removal, or unauthorized modification in every way. Information technology should be deployed to ensure data security on the network or applications to prevent intrusion.
- Privacy: This criterion covers encryption and restricted access to private information. The principle of privacy involves the use, release, discarding, or retaining of private details. Some information classified as personally identifiable information (PII) should remain private, and not be tampered with.
- Integrity: Processing integrity majorly covers quality assurance. Good processing integrity can be enhanced by properly checking the processing of data. However, the type of data entered is the type of data that would be processed. This implies that the data processing aspect is not responsible for erroneous data.
- Availability: This criterion covers security incident handling and monitoring of network performance. The principle involves the accessibility of the network or system, as agreed upon by the two sides of any business contract or arrangement.