SADA is pleased to announce that we have successfully completed a SOC 2 Type II audit of our system and organization controls, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy. SADA received a clean bill of health with zero exceptions noted in the audit report.
The controls that we have in place and continue to maintain enable us to properly serve customers and provide trustworthy and transparent solutions. Although compliance audits can be time-consuming, we pursue them voluntarily to improve our practices and to give our clients, partners, and employees peace of mind.
To successfully complete a SOC 2 Type II audit, an accredited third-party (a CPA firm accredited by the AICPA) must audit and attest to the following three things:
- The description of our internal controls (i.e. a description of the systems and processes that govern how we operate at SADA)
- That our internal controls are suitably designed and implemented
- That our controls are operating effectively (i.e. being followed) over a period of time
SADA was able to successfully demonstrate that we have implemented policies and procedures to support the operations and controls over the services and systems provided to our customers. Specific examples of the relevant procedures include, but are not limited to, the following:
- A formal risk assessment is performed on an annual basis. Risks identified are evaluated along with mitigation strategies and are formally documented.
- SADA has logical and physical security, change management, incident monitoring, and data classification, integrity, and retention controls, as necessary, with checks and balances woven into each applicable process to ensure quality of processing.
- SADA has established incident response plans for authorized users. All issues or breaches of the system are communicated to SADA either verbally or through the ticketing system or email. SADA notifies all parties involved with the issue immediately either verbally or in writing.
- Procedures have been implemented related to confidentiality of inputs, data processing, and outputs which are consistent with the documented confidentiality policies.
- Policies and procedures are in place for classifying data based on its criticality and sensitivity and that classification is one of many factors used to define protection requirements, access rights and restrictions, and retention and destruction requirements.
- SADA has documented and tested business continuity plans and procedures supporting system recovery to meet its objectives.
SADA is a global leader in providing business and technology consulting services that transform organizations by leveraging the entire Google Cloud portfolio. As a Google Cloud Premier Partner and 2019 and 2018 Google Cloud Global Partner of the Year, SADA has proven expertise in enterprise consulting, cloud platform migration, custom application development, workplace transformation, cloud managed services, and change management.
With thousands of companies migrated to Google Cloud since 2007, SADA has worked with some of the largest enterprise brands and public sector clients including Colgate-Palmolive, DISH, Cambridge Health Alliance, Papa John’s, and the State of Arizona.