Qube Completes SOC 2 Type I Audit

Author: Dave Levy

Qube’s SOC 2 Type I audit verifies that we have effective controls in place to ensure our customers’ data security, and affirms our commitment to the highest operational standards for data management.

The Importance of Qube’s SOC 2 Type I Audit

Customers need assurance that service providers have adequate controls in place to protect their data. It is therefore imperative that Qube does everything possible to protect customers and the data they share with us.

That is why Qube has undergone a rigorous SOC 2 Type I audit. SOC 2 audits are widely recognized as the industry standard for assuring that a service provider can protect customers’ data, and that the controls it has in place are designed properly and operating securely and effectively. This important audit verifies that Qube has an effective system of controls in place to protect customers’ data.

Qube’s SOC 2 Type I audit demonstrates our commitment to customer data security. Qube is committed to completing a SOC 2 Type II audit, which will verify that we are maintaining these data security controls over time. 

Background on System and Organization Controls (SOC) 

System and Organization Controls (SOC) compliance is an industry-standard way for service providers to verify that its controls and processes around systems and data follow a high standard, and that they clearly outline potential risks for customers or partners that work with the organization. SOC audits for service providers such as Qube are performed by an independent Certified Public Accountant (CPA) or similarly accredited accountancy. 

What Does a SOC 2 Audit Cover? 

SOC 2 audits examine a service provider’s operations, vendor management programs, risk management processes, and regulatory oversight, among other critical functions related to data security. SOC 2 audits require that service organizations ensure that data is transmitted, stored, processed, and disposed of according to SOC guidelines established by the American Institute of Certified Public Accountants (AICPA).  

The non-financial controls that comprise SOC 2 reports are based on the AICPA’s Trust Services Criteria (TSC). This criteria includes pillars such as data security, processing integrity, and confidentiality.   

Qube’s SOC 2 Type I Report Affirms Our Data Security Controls 

Qube’s SOC 2 Type I audit focuses on the data security pillar, and specifically that our customers’ data and information are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the confidentiality or security of that data. 

Qube’s SOC 2 Type I audit includes management’s description of our organization’s data security systems, and the auditor's assessment of the suitability of the design and implementation of applicable controls. Key findings in the audit include: 

• Qube has implemented policies and procedures governing the protection and confidentiality of sensitive customer information. 

• Incident Response Policy and Procedures have been implemented to guide preparation, detection, response, analysis and repair, communication, follow-up, and training for any class of security breach or incident. 

• Qube has performed a risk assessment relevant to the security of its business operations, and has designed and implemented controls to mitigate these risks.

Qube’s Ongoing Commitment to Data Security 

Qube is committed to building trust with our partners and ensuring our customers’ data security. Our SOC 2 Type I audit report affirms the design of Qube’s security processes at a specific point in time and verifies that we have effective controls in place. The next step for Qube is to undergo a SOC 2 Type II audit, which will verify that we are maintaining these controls over time and demonstrate our ongoing commitment to securing our customers’ most valuable assets.