On-demand availability of cloud computing resources, such as platform-as-as-service (PaaS) or software-as-a-service (SaaS), is a critical component of enterprise IT solutions. So it is prudent that users of these services evaluate the service providers’ ability to protect important data. In response, the American Institute of Certified Public Accounts (AICPA) has developed the System and Organization Controls SOC 2 evaluation and reporting framework as a way for service providers to demonstrate trust assurances to customers.
SOC 2 is based on the AICPA Trust Services Criteria. SOC 2 auditors evaluate the design (Type 1) and the operating effectiveness (Type 2) of a service organization’s controls. The SOC 2 reports may focus on a service organization’s controls as they relate to security, availability, processing integrity, confidentiality, or privacy of a system. To learn more about the AICPA and SOC standards, see the following: http://www.aicpa.org/soc4so.
Nintex recognizes that many of our customers rely on our cloud services for important business processes. Therefore, we engaged an independent auditing firm to validate that our internal security processes are in accordance with the SOC 2 framework. The resulting report demonstrates the safeguards Nintex has put in place for people, processes, and technology.
Nintex Workflow Cloud, Nintex DocGen®, Nintex Workflow and Forms, Nintex Xtensions™ and Nintex process analytics are now annually audited by an AICPA-certified third party for compliance against the SOC 2 reporting framework. The audit report for Nintex covers controls for the security Trust Services Criteria. Nintex has SOC 2 Type 1, SOC 2 Type 2, and SOC 3 reports. Use of the Type 1 and Type 2 reports are restricted. The SOC 3 report is publicly available here.
To request a confidential copy of the Nintex Type 1 or Type 2 SOC 2 report, please email firstname.lastname@example.org.