Nile Successfully Achieves SOC 2 Compliance
At Nile, we continually invest in security best practices to ensure that our customers' data stays safe and secure. We're happy to say that we've achieved our SOC 2 assessment as part of our ongoing work. This is in addition to the ISO 27001 certification we got last year.
Achieving these standards validates our commitment to providing a secure Nile service for our customers.
Earning the trust of our customers is paramount to our success. SOC 2 marks an important milestone in our compliance journey. We started with our ISO 27001 long before we had our first customer. Nile will continue to invest in and strengthen our security and compliance initiatives, giving our customers greater confidence in using our service.
– Pankaj Patel, CEO
What is the SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data and can be used by a variety of organizations of any size (e.g., SaaS, colocation, data hosting, etc.). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to find risks (points of focus) that an organization should think about addressing. Based on the TSCs that the organization chooses to be in scope, the third-party compliance and audit firm (in our case, A-LIGN) checks to see if the organization has the right policies, procedures, and controls to deal with the risks that have been identified.
There are five Trust Services Criteria. Every SOC 2 report must include the first criterion, Security, which is also called the "Common Criteria." The remaining four are optional. The full list is:
- Security (required)
- Availability (optional)
- Processing Integrity (optional)
- Confidentiality (optional)
- Privacy (optional)
For an organization to pass a SOC 2 exam and get a letter of attestation, it needs to have controls in place for areas like information security, access control, vendor management, system backup, business continuity and disaster recovery, and more.
Why did Nile aim to achieve SOC 2 compliance?
Nile believes security should not be a choice for customers but a right. For this reason, our services come with security features like zero trust isolation to protect the customer’s data in the campus, field-level encryption to protect data in the cloud, end-to-end network traffic encryption, and support for modern authentication and authorization models.
We pursued SOC 2 to demonstrate our organizational security posture. Our SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. The scope of a SOC 2 examination extends beyond the systems that have a financial impact, reaching all systems and tools used in support of the organization’s systems or services.
Today, a lot of companies outsource their business operations and services to third-party vendors, which could put customer data at risk. Because of this, customers ask their vendors to achieve SOC 2 compliance to show that they follow strict IT security standards.
It's no trivial accomplishment by any means, but we also realize this is one of many steps towards earning the trust of our customers.
The SOC 2 audit was conducted by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks.
Nile will perform a SOC 2 assessment on an annual basis and can make the report available to current or potential customers. If you are interested in viewing Nile’s SOC 2 report, please contact our team for a copy.
For more information, please visit our Security Standards and Trust page.