We’re an “open book” in the sense that we’ve adopted the AICPA Trust Services Principles, have been audited receiving a favorable SOC 2 Type II report, subjected ourselves to external penetration tests by industry leading firms, and are willing to complete vendor security assessment documentation no matter what size the customer. In fact, we have created a secure Virtual Data Room specifically for Due Diligence for our clients. You are provided with unique credentials in order to access the “room” and review all of our diligence documentation as well as audit reports. Of course, we’re also happy to jump on the phone any time to discuss our security practices, architecture, or our implemented security features built into our SaaS or implemented within our controlled environment.
Every year Mortech is part of a voluntary SOC 2 (Service Organization Controls) Type II certification. A bit more rigorous, a type II audit examines the description and design of internal controls like a Type I audit, and also the operating effectiveness of those controls for a specified period. This third-party security audit created by the American Institute of CPAs (AICPA) measures an organizations ability to control its information, and obviously a very important part of a Software as a Service like Marksman. You’ll be glad to know that we passed (again). If it’s important to you — and security always is — it’s important to us.
Each year Mortech strives to increase our level of security standards by monitoring and implementing industry security best practices. Conducting an annual SOC 2 audit with the emphasis on security keeps us accountable and engaged in delivering a trusted service to our Marksman clients.
The security of our customers’ data is our top priority and this should be the philosophy for other Software as a Service providers. As you evaluate SaaS vendors to partner with, make sure you feel comfortable when it comes to the security of your data. Ask about audits…at the end of the day, it’s your data and you should be able to trust your third-party technology vendor.