Navetti has demonstrated its commitment to the highest levels of data security by successfully completing an external audit validating its data security standards and operations, SOC 1 and SOC 2. The audit was done by the US auditing firm Skoda Minotti and verified Navetti’s continued performance based on the American Institute of Certified Public Accountants, AICPA, standards.
“Pricing and price optimization systems handle sensitive financial data, so data security is of the utmost importance to Navetti”, says Andreas Westling, Navetti CEO. “We are naturally very pleased that the extensive audit process performed by Skoda Minotti has verified that our operational processes and system specifications continue to meet the most stringent standards that the market has specified, and that we keep the SOC 1 type II and SOC 2 type II certification. We know from our large and growing number of blue-chip customers that this is an area of highest importance for clients, so we are proud to be able to say that we are trusted by the companies that are trusted the most in their respective categories.”
The SOC (System and Organization Control) audit looks at the levels of control and security within a company. The audit covers two dimensions of control:
SOC 1 is based on AICPA Statement on Standards for Attestation Engagements (SSAE) #18: Reporting on Controls at a Service Organization and evaluates the effect of the controls at the service organization on the user entities’ financial statement assertions. SOC 1 type II reports are important components of user entities’ evaluation of their internal controls over financial reporting for purposes of complying with laws and regulations such as the Sarbanes-Oxley Act and the user entities’ auditors as they plan and perform audits of the user entities’ financial statements.
Skoda Minotti’s testing of Navetti’s control environment, SOC 1, included an examination of Navetti’s policies and procedures regarding computer operations, application change control, information security, and data communications. Upon completion of the examination, Navetti received a Service Auditor’s Report demonstrating that their policies, procedures, and infrastructure controls were suitably designed and operating effectively to achieve the related control objectives throughout the examination period.
SOC 2 is based on the AICPA guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The SOC 2® Type II report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design and operating effectiveness of its internal controls. A service organization may select any or all of the trust service principles applicable to their business and Navetti chose to report on security, availability, processing integrity, and confidentiality.
Skoda Minotti’s testing of Navetti’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of their business. The successful completion of this voluntary engagement illustrates Navetti’s ongoing commitment to creating and maintaining a secure operating environment for their clients’ confidential data. Upon completion of the audit, Navetti received a Service Auditor’s Report demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria.
For more information on how Navetti handles data, go to https://www.navetti.com/our-expertise/data-security/