Remanster undergoes rigorous independent third-party SOC 2 audits conducted by a reputable certified public accountant (CPA) firm, E Com Security Solutions, to certify individual products on a regular basis. The audit firm evaluates whether Remanster’s compliance controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.
System and Organization Controls (SOC) 2 reports are independent third-party examination reports that demonstrate how an organization achieves key compliance controls and objectives.
SOC 2 reports are based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) existing Trust Services Criteria (TSC). The purpose of the report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
SOC 2 reports are attestation examinations that are conducted in accordance with the SSAE 18 standard, specifically section AT-C 105 and 205, governed by the AICPA.
Accessing SOC 2 reports
Remanster regularly undergoes third-party audits for our products, systems, and infrastructure related to this standard. The SOC 2 reports are generated by an objective third party attesting to a set of assertions made by Remanster about its controls that are in place to protect customer data. The audit firm, E Com Security Solutions, evaluation includes comprehensive testing of the design and operating effectiveness of the controls within the audit period.
Customers may use the SOC 2 report to assess the risks arising from interactions with the assessed Remanster systems throughout the period.
Who performs the independent third-party audit?
Remanster independent auditors are E Com Security Solutions (www.ecomsecurity.org).
How does a SOC 2 Type II report differ from a SOC 2 Type I report?
A SOC 2 Type I report covers the design of the service organization’s controls at a specific point in time. A SOC 2 Type II report covers the design and operating effectiveness of the service organization’s controls over a period of time. For example, a SOC 2 Type I may assess the service organization’s controls as of today, but a SOC 2 Type II assesses the service organization’s controls within the past six months. Remanster only issues SOC 2 Type II reports.