
RMS achieves SOC 2 Type 2 certification

RMS achieves significant data security milestones with SOC 2 Type 2 certification, ensuring the highest level of protection and compliance for your data.

What is SOC reporting? 

Service Organisation Control (SOC) reporting uses established standards to report on the appropriateness and effectiveness of a service organisation's internal controls. Customers and prospects then use the report to understand a vendor's internal processes and ensure that their data is being handled with the highest level of protection, compliance and reliability. 

Unlike many other optional reporting standards, SOC certifications require an independent audit. For an organisation to claim any SOC accreditation, an independent auditor must verify and sign off that the appropriate controls are in place and designed effectively. Type 2 reports raise the bar even higher: the auditor must also confirm that controls have operated effectively over a specific period.

There are two types of SOC reports: 

  • Type 1 describes a vendor's systems and whether their design meets relevant trust principles. 
  • Type 2 details the operational effectiveness of those systems.

Understanding the SOC 2 certification

SOC 2 is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 outlines essential principles for managing customer data, including security, availability, processing integrity, confidentiality and privacy.

1. Security

The security principle refers to the protection of system resources against unauthorised access. Access controls help prevent potential system abuse, theft or unauthorised data removal, software misuse, and improper information alteration or disclosure. 

IT security tools such as network and web application firewalls (WAFs), two-factor authentication and intrusion detection help prevent security breaches that can lead to unauthorised access to systems and data. 

2. Availability

The availability principle refers to the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA). As such, both parties set the minimum acceptable performance level for system availability.

This principle does not address system functionality and usability but does involve security-related criteria that may affect availability.  

Monitoring network performance and availability, site failover and security incident handling are critical in this context.  

3. Processing integrity

The processing integrity principle addresses whether or not a system achieves its purpose (i.e., delivers the right data at the right price at the right time). Accordingly, data processing must be complete, valid, accurate, timely and authorised. 

However, processing integrity does not necessarily imply data integrity. If data contains errors before being input into the system, detecting them is not usually the responsibility of the processing entity. Monitoring of data processing, coupled with quality assurance procedures, can ensure processing integrity. 

4. Confidentiality

Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organisations. Examples may include data intended only for company personnel, as well as room occupancy, rates, customer contact details and other types of sensitive financial information.

Encryption is an essential control for protecting confidentiality during transmission. Network and application firewalls and rigorous access controls are used to safeguard information while being processed or stored on computer systems. 

5. Privacy

The privacy principle addresses RMS' collection, use, retention, disclosure and disposal of personal information in conformity with an organisation's privacy notice and with criteria outlined in the AICPA's generally accepted privacy principles (GAPP).  

Personally identifiable information (PII) refers to details that distinguish an individual (e.g., name, address, Social Security number). Some personal data related to health, race, sexuality and religion is also considered sensitive and generally requires an extra level of protection. Controls are necessary to protect all PII from unauthorised access.

The importance of the SOC 2 Type 2 certification

We take our commitment to protect your company, employees and customers seriously. Our SOC 2 Type 2 compliance is a testament to our commitment to protecting your data to the highest possible levels.

  • Uncompromised data security: SOC 2 compliance ensures that we have implemented robust security measures to protect your data and reduce the risk of potential breaches or unauthorised access. 
  • Confidentiality and privacy: SOC 2 certification assures you that your sensitive information is treated with utmost confidentiality, aligning with the highest privacy laws and regulations. 
  • Enhanced trust and reliability: SOC 2 compliance demonstrates our dedication to establishing trust, reliability, and secure partnerships with our customers. You can rely on RMS as a dependable technology partner committed to safeguarding your data. 

Benefits for you 

  • Peace of mind: With our certified compliance, you can be confident that your data is protected with the utmost care and meets the highest industry standards.
  • Streamlined compliance: Our certification simplifies your own audit processes, assuring you that your compliance requirements are also upheld when using the RMS platform.
  • Increased efficiency and productivity: Our secure infrastructure allows you to focus on your core business functions, all while knowing that your data is safe.

At RMS, we understand the critical role of information security for all property managers around the world. By choosing RMS, you can be confident that your property management system requirements will be met with an unwavering commitment to security.

You can review our SOC 2 Type 2 report and our other compliance certifications at our trust centre.  
