Case Studies
Contact Us

Contact Us

More information coming soon
Back
ELBX Online 2024

SOC 2 Type II Compliance

What is SOC 2?

SOC stands for “System and Organization Controls” and is a framework governed by the American Institute of Certified Public Accountants (AICPA).

The AICPA has defined five Trust Services Criteria (TSC) that service organizations can choose to meet: Security, Availability, Processing Integrity, Confidentiality, and Privacy. All SOC 2 reports must cover Security. In addition to Security, service organizations can choose to add additional criteria to their report based on what’s most relevant to their business and important to their customers.

Once the TSCs have been chosen, the service provider must define controls to ensure that those criteria are met. For instance, to meet the Security criterion, a service provider might define a control that requires access to all sensitive internal systems to be protected by multi-factor authentication.

In preparing a SOC 2 Type II report, a third-party CPA firm evaluates two main questions. First, are the controls adequate and appropriately designed to address the selected TSCs? And second, are the controls operating effectively in the day-to-day practices of the service organization?

Why We Choose SOC 2

ELB Learning chose to obtain a SOC 2 Type II report because of its acceptance across the industry as a gold standard in analyzing the security program and resiliency of software companies. In doing so, we can provide our customers with a greater degree of assurance that their data will be protected. The report also serves as a vehicle for streamlining the vetting process by the security departments for prospective customers.

We partnered with the security consulting firm Tenebris to define our controls. The firm performing the SOC 2 Type II audit was MHM CPA.

Our first Type II report covers the audit period from July 1 to September 30, 2024. Going forward, we plan to publish a report annually.

Request a Copy of the SOC 2 Report

To receive a copy of our SOC 2 Type II report, we’ll need to have a mutual non-disclosure agreement in place. To start the process, please send an email to legal@elblearning.com. In the subject line, please indicate “MNDA to Receive the ELB Learning SOC 2 Report”.