Consumers expect businesses to protect their personally identifiable information (PII). And while your business proactively takes extensive security measures to protect sensitive data, do your vendors do the same?
Take direct mail, for instance. While a postcard or letter can’t be hacked, the data in the computer networks of your direct mail vendor can be.
Vendors can create a weak link when it comes to data security. Take Target, for example. In 2013, the credit card numbers and verification codes of 60 million Target customers were exposed by hackers using the stolen credentials of a third-party vendor, an HVAC repair service.
This is why it’s critical for businesses to work with vendors that are SOC 2 compliant.
Here’s what you need to know about protecting sensitive data, including:
- What is SOC 2 compliance?
- What are the compliance standards of SOC 2?
- Why does SOC 2 compliance matter for direct mail campaigns?
What Is SOC 2 Compliance?
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (System and Organization Controls) is a set of regulations that dictate how a business should manage customer data.
SOC 2 compliance proves that a business maintains a high level of information security, which is confirmed through a rigorous, on-site audit.
While submitting for SOC 2 compliance is completely voluntary, it’s considered the standard compliance indicator and “proves” that a business protects sensitive data in accordance with regulatory standards.
Audits are conducted by CPAs, who then generate a report that details how a business follows strict IT security protocols, minimizes incident impacts, and protects its systems and data from unauthorized access.
A service provider that receives a positive SOC 2 report is considered compliant.
Each company is different, so reports vary, but the compliance standards of SOC 2 cover five areas, or “trust principles.”
What Are the Compliance Standards of SOC 2?
Security: The security assessment looks at the measures taken to protect against unauthorized or malicious access to customer data, such as network or application firewalls, two-factor authentication and intrusion detection.
Availability: This principle ensures that the service provider can make information available to you–the client–even if something goes wrong. It includes performance monitoring, disaster recovery and security incident handling.
Processing integrity: Does the service provider ensure quality and process monitoring? If so, you’ll know that data processing is done on time, accurately and only with authorized access.
Confidentiality: The biggie! This trust principle assesses the service provider’s level of data encryption, access controls, and network or application firewalls.
Privacy: Finally, we have privacy to ensure customer data is kept just that - private. This looks at access control, two-factor authentication and encryption.
Why Does SOC 2 Matter for Direct Mail Campaigns?
Protecting sensitive data is a must in today’s business environment.
- 92% of consumers say companies must be proactive about data protection. (PwC)
- 88% of consumers say the extent of their willingness to share personal information is based on how much they trust a company. (PwC)
- 48% of consumers have stopped buying from a company over privacy concerns. (Tableau)
Since direct mail campaigns use customer data, it’s critical to verify that your direct mail vendor is SOC 2 certified.
Similar to a restaurant displaying its health department grade, SOC 2 compliance means that an independent third party has evaluated how a service provider, in this case, a direct mail vendor, manages customer data.
While businesses in regulated industries are well-versed in protecting sensitive data and SOC 2 compliance, every business in every industry needs to proactively protect sensitive data–and ensure that vendors do, too.
Protect Sensitive Data with Jet Mail
Jet Mail is SOC 2 compliant to provide our customers with 100% confidence that their data is handled with the utmost level of security, privacy and confidentiality. We take extensive measures to protect your data, including:
- Robust password security.
- Employee background checks.
- Extensive employee training.
- Physical access controls.
- Security training.
- Multi-factor authentication.
Any of our customers or prospective customers are welcome to request our SOC 2 compliance report for extra peace of mind.
If you’re looking to deliver fast, effective and secure direct mail campaigns, you’re looking for Jet Mail. Contact us today to get started.