Gallagher has announced they have achieved System and Organization Controls (SOC2 Type 2) certification for the cloud-hosted services of their flagship security solution – Command Centre.
The revered compliance standard for service organizations provides reassurance at the highest level that client data is securely processed and stored by Gallagher. It is maintained by the American Institute of Certified Public Accountants (AICPA) and demonstrates stringent internal controls for information security and privacy.
The SOC2 Type 2 certification rounds out a suite of standards and certifications achieved by Gallagher Security, including ISO27001, CAPSS 2021 and EN50131-4.
Mark Junge, Global General Manager, says the company welcomed the opportunity to undergo an external audit as part of the certification process, “Any business with cloud-hosted solutions that is serious about their data protection and privacy measures should be prepared to undergo this type of scrutiny,” Mark says. “At Gallagher, our customers place a huge amount of trust in our people, and our security solutions – the onus is on us to demonstrate we are worthy of this trust.”
SOC2 Type 2 certification also lays the foundation for the imminent move of Gallagher’s Command Centre from an on-premise to cloud-based solution. Guy Irvine, who is leading this development for Gallagher Security says: “This certification is evidence that the future of our enterprise security solution has cyber security and data ethics at its core.”
There are five principles in the SOC 2 framework: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A business can be audited against any combination of these principles. During the audit process, all systems are reviewed by a trusted external third party to ensure they comply with the AICPA trust principles.