We are delighted to announce that Chakray has successfully undergone an audit process and achieved Service Organization Control (SOC) 2 Type I certification. With this SOC 2 Type 1 designation, Chakray continues to demonstrate its commitment to the highest standards of compliance and data security for our clients.
Chakray Awarded SOC 2 Type I Certification
A SOC 2 Type I certification attests to controls at a service organization (Chakray APAC) at a specific point in time. SOC 2 Type I reports on the description of controls that the service organization’s management provides and demonstrates that the controls are appropriately designed and implemented. SOC 2 reports are based on a set of trust principles rather than rigid security standards. Each certified organization designs its controls based on these trust principles, which are then third-party ascertained.
Conducted by KPMG Sri Lanka and KPMG India, this audit confirms that Chakray’s information security practices, policies, and procedures meet the rigorous SOC 2 standards for following trust criteria:
- Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
- Availability – Information and systems are available for operation and used to meet the entity’s objectives.
- Confidentiality – Information designated confidential is protected to meet the entity’s objectives.
Javier Rul, CEO said:
“This is a huge achievement for the Chakray APAC team as well as for the company, which is embarking on building a strong security backbone, worldwide. It is with a sense of pride that I congratulate the functional leads of the Operations, Human Resources and Technical teams, who worked tirelessly together with the Information Security compliance team and Auditors to ensure we secure this attestation. Every team member of Chakray has taken accountability to comply with the policies and processes, as we progress towards gaining the Type II accreditation, which I believe will make all the difference!”
Importance of SOC 2 Type I Compliance
SOC 2 is a reporting framework created by the American Institute of Certified Public Accountants (AICPA). It is the highest industry standard for managing client data based on five principles: security, availability, processing integrity, confidentiality, and privacy. Compliance with SOC 2 requirements indicates that the service organization maintains a high level of information security and can also help ensure that sensitive information is handled responsibly.
It is a voluntary compliance standard, and service organizations design their controls to comply with one or more of the trust principles, making SOC 2 reports exclusive to each organization. These internal reports provide essential information about how a service provider manages data and informs their clients, business partners, regulators, and suppliers.
If you are interested in our consulting services and would like to receive a copy of our SOC 2 Type I report, do not hesitate to contact us!