Planview Enterprise Successfully Completes Cloud Security Audit SOC Type II
February 2016 by Emmanuelle Lamandé
Planview® is announcing that its cloud-based portfolio and resource management solution Planview Enterprise has successfully completed the Service Organisation Control 2 Type II audit. The audit serves as an important verification for Planview’s cloud customers as the software meet tough requirements for security, availability confidentiality and privacy.
The SOC 2 Type II audit is a verification that the solution matches the criteria defined by the American Institute of Certified Public Accountants (AICPA) in their Trust Services Principles for security and availability.
The Service Organisation Control 2 Report is performed in accordance with AT 101, requirements for non-financial reporting by Certified Public Accountants, and based upon the Trust Services Principles. The principles predefine criteria for vendors and business owners, making it easier to know what compliance needs are required and how to evaluate cloud solutions. The principles are based on four areas: policies, communications, procedures, and monitoring. Each of the principles have defined criteria (controls) which must be met to demonstrate adherence to the principles.
The audit includes a full assessment of:
Security: Data centers are protected against unauthorized access (both physical and logical).
Availability: Data centres are available for operation and use as committed or agreed.
Processing integrity: Processing is complete, accurate, timely and authorised.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the AICPA and the Canadian Institute of Chartered Accountants (CICA).