Carlsbad, CA- August 5, 2018– AESC has received System and Organization Controls (SOC) 2 Type II certification, an important distinction for organizations that handle sensitive client data. AESC has been SOC certified since 2016, but through this updated certification, and associated third-party examination, AESC has proven that its data security and IT principles are designed to keep its clients’ sensitive data secure.
At AESC, along with handling many thousands of transactions annually containing personal and utility-based confidential data, comes the responsibility of ensuring the integrity and security of the data is maintained. The SOC protocol was developed primarily for businesses seeking the highest security credential for providing IT and cloud-based services, and is now becoming widely recognized, and sometimes required, for program administrators in the utility space. By working with a SOC 2 certified company like AESC, clients and partners are ensured that data is kept secure through the implementation of standardized controls as defined in the Certified Public Accountants (AICPA) Trust Service Principles framework.
AESC’s Director of Software and designated Information Security Officer, Kevin Tock, stated that, “Achieving this credential is a crucial step in today’s environment fraught with cyber-security risks. We handle many types of privileged and confidential data for all our clients, so for our business it was essential to have the correct internal processes in place. Our industry is increasingly seeing the value in the SOC 2 credential, and we are happy to say our efforts have been validated.”
Background on SOC 2
The Service Organization Control 2 Type II examination demonstrates that an independent accounting and auditing firm has reviewed and examined an organization’s control objectives and activities and tested those controls to ensure that they are operating effectively. The SOC 2 protocol is based on Policies, Communications, Procedures and Monitoring. The specific Trust Service Principles explained below must be met in order to successfully achieve certification.
- Security: The system has controls in place to protect against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely and authorized.
- Confidentiality: Information that is designated as “confidential” by a user is protected.
- Privacy: Personal information is collected, used, retained and disclosed in accordance with the operation’s privacy notice and principles set by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
There are two types of SOC 2 reports: Type I and Type II. The Type I report is preliminary to the Type II report and is based on the ability to test and report on design. Type I reports are issued to organizations that have audited controls in place but have not yet audited the effectiveness of the controls over a period of time. AESC achieved this Type I status in 2016. The Type II report is issued to organizations that have audited controls in place and the effectiveness of the controls have been audited over a specified period of time. AESC initially achieved Type II status in 2017, and this subsequent renewal is the most recent validation.
About AESC
Alternative Energy Systems Consulting, Inc. (AESC) is an energy engineering practice that drives solutions in energy efficiency, renewable energy, distributed energy resources, and custom software implementation. AESC implements efficiency and resiliency of electric, gas, and water systems for the benefit of utilities, customers, and facility owners. Our team of engineers and program managers share our customers’ passion to maintain healthy, sustainable public and private energy infrastructure. Founded in 1994, AESC has offices in Carlsbad, Pasadena, Oakland, and Fresno, California and also in Portland, Oregon and Charlotte, North Carolina.
For more information, connect with us on LinkedIn.
– ### –
Media inquiries:
Brian Lynch
Program Manager
503.442.0000
[email protected]
