Clockwork is very excited to announce that for a second year in a row, we have successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF).

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy.

A SOC 2 Type II report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories, and assesses the effectiveness of those controls over a specified period of time. Clockwork’s SOC 2 Type II report did not have any noted exceptions and therefore was issued with a “clean” audit opinion from SSF.

About SOC 2 Type II Report.

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

• Oversight of the organization
• Vendor management programs
• Internal corporate governance and risk management processes
• Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted.