Security is at the forefront of everything we do at BP Logix. By ensuring the safety of our customers’ data we facilitate their journeys to better, more secure, process applications. This means happy customers, and better business operations. Our recent SOC 2 certification is testament to our ongoing commitment to deepening the trust of our customers and other stakeholders in Process Director.
Achieving SOC 2 status gives us verifiable proof that we demonstrate operational excellence and deliver to our customers the assurance that we are committed to ongoing client security. It’s something that is both integrated in how we conduct our business, as well as in how we build our solution. Customers and partners want assurances that their data is not only being treated securely, but that the company that stands behind Process Director operates as a trusted source, and with continuous application of processes and methods that meet strict security-first requirements.
The SOC 2 standard was created, and continues to be governed, by standards developed and managed by the American Institute of Certified Public Accountants (AICPA). It was designed as a way to enable organizations that transact private data with options for communicating information about their system descriptions and deliver sensitive information. While there are different SOC standards, SOC 2 is especially important for business processes because in addition to making sure data is safe when stored, it also pertains to data when it’s made accessible to external sources.
SOC 2 provides detailed information related to, and gives assurance of, an entity’s controls surrounding the security, availability, and processing integrity of the systems used to process users’ data. This also extends to the confidentiality of the data processed by these systems. SOC 2-compliant companies must demonstrate that they are managing customer data against five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.
For BP Logix customers, our SOC 2 compliance means they can trust that we operate with the following principles tightly integrated into Process Director and in every interaction with customer data:
One of the most important aspects of any process is the data being used within the process. That data drives decision-making and enables various actors to apply their knowledge in the right context, at the right time. Contextual insights drive process activity, but what if that there was a compromise of your IT infrastructure? Data could be compromised, and it would normally require forensic analysis to understand just what was affected. SOC 2 compliance requires that organizations gather information and store them as logs. If a data breach is discovered, an audit of these logs means the customer can easily identify where issues exist, the data affected, and then more easily apply fixes. This is a huge help for customers because it can help them isolate issues before they become bigger problems for their company.
Process Director users not only actively develop process applications, but also constantly point to the demonstrable benefits yielded from them. In essence, this is all about identifying the right data within the organization’s infrastructure, putting it to use in the appropriate, contextual place, and transacting with it to achieve specific goals. And in order to do this, business processes have to be complete, substantiated, accurate, timely, and accessible.
However, the integrity of the process does not necessarily translate into integrity of the data. SOC 2 offers a framework so that the data being used is accurate and devoid of misuse. Adhering to SOC 2 means that data that containing errors prior to being included in a process will be detected. Process Director’s adoption of SOC 2 principles means that data, and the processes used with the data, are monitored with quality assurance procedures and ensure processing integrity.
Process applications rely on specific levels of access and entry points; it’s one of the ways that control is applied to ensure consistency. Limiting access helps maintain a level of confidentiality, and SOC 2 Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations.
Process Director supports this approach through federated identity management which enables companies to include third parties as active participants in their processes and workflows. Authentication mechanisms like ADFS, SAML and OAuth give partners and suppliers access and create a new dynamic of collaboration, while giving companies greater control over who has access to what information.
Process Director was developed to provide the highest possible service to organizations that want to improve business performance through process-driven methods. With SOC 2 certification, Process Director can now ensure that customers get the highest level of availability, security, and consistency in our operational practices.