Toloka Successfully Completes a SOC 2 Assessment to Further Data Security

At Toloka, we continually invest in security best practices to ensure that our clients' data stays safe and secure. As part of an ongoing effort, we are excited to announce that we’ve successfully completed our SOC 2 report.

The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. Toloka’s SOC 2 report validates its commitment to data security and protection, as well as compliance with critical standards to mitigate cybersecurity threats.

In this article, we will walk you through the ins and outs of a SOC 2 report and how the report symbolizes trust to clients.

What is a SOC 2 Report?

A SOC 2 report addresses risks associated with the handling and access of data and can be used by a variety of organizations of any size (e.g., SaaS, colocation, data hosting, etc.). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.

The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in scope, the third-party compliance and audit firm (in our case, A-LIGN) evaluates whether the organization has the appropriate policies, procedures, and controls in place to manage the identified risks effectively.

There are five Trust Services Criteria. The first criterion, Security, must be included with every SOC 2 report and is referred to as the “Common Criteria.” The remaining four are optional to include:

• Security (required)

• Availability (optional)

• Processing Integrity (optional)

• Confidentiality (optional)

• Privacy (optional) [1]

To pass a SOC 2 examination and successfully receive a letter of attestation, an organization must address controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.

Know Your Data is Safe and Secure with Toloka

Toloka will provide the SOC 2 report to current or potential customers after they sign a non-disclosure agreement. To request a report, please contact our sales team here.

We hope the steps we have taken help you and your IT teams remain confident in knowing that your data is secure with Toloka.

___________________________________________________________________________

[1] Toloka has received certification for all optional criteria except Privacy.