eScholar is proud to announce that it has once again successfully completed a Service Organization Controls (SOC) 2 Type II examination for its Complete Data Warehouse and on the suitability of the design and operating effectiveness of its controls relevant to security and privacy.
What is SOC 2 Compliance?
Established by the American Institute of Certified Public Accountants (AICPA), SOC 2 verification requires companies to implement rigorous controls around applicable trust services criteria. A Type 2 assessment evaluates the effectiveness of these policies over an extended period, ensuring continuous adherence to best practices.
Security
The objective of the security criteria is to ensure that information and systems are protected against unauthorized access, unauthorized disclosure of information and damage to systems.
The nine common criteria (CC) that make up the security category include:
- CC1: Control Environment
- CC2: Information and Communication
- CC3: Risk Assessment
- CC4: Monitoring Activities
- CC5: Control Activities
- CC6: Logical and Physical Access Controls
- CC7: System Operations
- CC8: Change Management
- CC9: Risk Mitigation
Privacy
The objective of the privacy criteria is to ensure that personal data is handled in accordance with laws and regulations and customer requirements.
The SOC 2 Type II report, issued by Cherry Bekaert LLP, an independent Certified Public Accountant firm, demonstrates eScholar’s commitment to protecting customer data and maintaining robust security controls. At eScholar, we understand that we have a great responsibility as a vendor serving the education field. eScholar serves many education agencies and our data management solutions have an impact on over 20 million students. The proper handling of our client’s data, including student data, is a top priority for us.
