At Broadsign, keeping our customer data secure will always be a top priority. That’s why we’re committed to ensuring that our controls, policies, and procedures meet the highest standards and continue to evolve as our business grows. Broadsign has recently achieved another essential milestone in its information security strategy by refreshing its SOC 2 Type 2 compliance with constant monitoring since the last reporting period—widely regarded as the gold standard for information security. Read on to find out more about this globally recognized security accreditation and the value it brings to our clients and partners.
Why SOC 2 compliance matters in 2024
Data continues to be the most valuable asset in the world, ahead of oil, according to Forbes. It can help your company meaningfully engage with customers, make informed business decisions, and gain a competitive advantage. First-party data is especially significant in the digital signage space, where it has become an integral part of dynamic DOOH campaigns and a prerequisite for enabling programmatic selling. But as the value of organizational data has grown, so too have the security risks. Attacks targeting cloud resources are on the rise, and enterprises need help understanding which cloud-based service providers they should consider working with to ensure their sensitive data stays secure. That’s where a SOC 2 report comes into play.
SOC 2 compliance is a voluntary step taken by Broadsign, as a SaaS and cloud-computing vendor, to provide added trust and assurance to protect its customer’s data in the cloud. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (which stands for “System and Organization Controls” 2) evaluates the internal systems and security controls a tech service business uses to protect customer data in the cloud. As digital threats continue to evolve and cybersecurity remains a top business challenge in 2024, SOC compliance has become a gold standard to ensure organizations are adhering to best practices when securing sensitive internal and customer data. Having a SOC 2 report is a badge of trust and an important step in providing our customers with added peace of mind.
What SOC 2 means for our customers
At Broadsign, data security has always been a top priority for both ourselves and our customers. We successfully completed a SOC 2 Type 2 audit back in 2022 and have proudly maintained our security status since then. This time around, we worked with independent consulting firm KPMG to once again perform an audit of our policies and procedures and achieve SOC 2 Type 2 compliance — further reinforcing our ongoing commitment to security within our digital signage platform.
While our security protocols have always been incredibly rigorous, it is our priority to always meet the highest possible security standards. DOOH network owners around the world rely on us to help buy, sell, and deliver out-of-home media, and that means they trust us with their confidential customer data. A SOC 2 certification provides added assurance to our clients and partners and opens the door to prospective enterprises with more stringent regulations around security and compliance requirements. In short, achieving SOC 2 compliance proves our commitment to continually assessing our compliance and data security measures to ensure the highest standards are never compromised—and it should give your company the confidence to choose Broadsign as the most trusted and secure DOOH platform on the market.
“It’s gratifying to renew our rigorous SOC 2 Type 2 audit at the same time that we continue to enhance our digital offerings. With this refreshed attestation, our aim is to enhance the established trust and assurance we have with our customers by undergoing one of the highest forms of independent assurance available in the marketplace today. We’re extremely proud of the entire Broadsign team who worked – and continue to work – tirelessly to achieve and sustain this certification.”
Joe Cotugno, Sr. Vice President International Operations
What’s involved in the SOC 2 certification process?
According to AICPA standards, a SOC 2 audit must be completed by a third-party auditor. The auditor assesses the extent to which a cloud-based service provider’s systems and processes comply with one or more of SOC’s five trust principles, referred to as Trust Services Criteria (TSC): Security, Privacy, Confidentiality, Processing Integrity, and Availability.
What sets SOC 2 apart from other security certifications is that it lets each business decide how best to implement the SOC 2 framework according to its own objectives and operations. It’s not a prescriptive list of controls, processes, or tools. Instead, the auditor evaluates how well a business has implemented controls relevant to the selected TSC Principles and gives their opinion of overall effectiveness for:
- the design of a company’s security program (SOC 2 Type 1)
- the execution of the program over a period of time (SOC 2 Type 2)
The auditor then compiles their opinions and findings into a report (the SOC report) that’s unique to each business and can be used to assure customers of the steps taken to manage their data.
The SOC 2 Type 2 is a rigorous audit that evaluates the execution of an organization’s security program over a period of time – in Broadsign’s case, full coverage from the previous audit. As a result, Broadsign successfully completed its SOC 2 Type 2 audits for a more in-depth review of the ongoing state of its cloud security, providing greater trust and assurance to its customers. For more information, contact your Broadsign representative.