Being one of the few SOC 2 certified Managed IT Service Providers in the country, we maintain internal processes and procedures that keep our clients’ data secure and confidential.
CEO & Co-Owner of Parachute
“We are proud to be among an elite class of Managed IT Service Providers that have successfully obtained this status. Today, only 5% of MSPs worldwide have achieved SOC 2 compliance. By going through this process, we are even more capable of guiding our clients down their own IT Security and IT Compliance journeys.”
Why did Parachute decide to obtain this certification?
“We believe today, more than ever, companies need assurances when it comes to matters of support, services, and consultation of business technology, cyber security, and data security. Parachute is in an unregulated industry, and therefore, we know it is necessary that policies and procedures are in place to ensure our clients’ data is protected. We see it as our responsibility to maintain the right Service Operation Controls.”
What does the certification process involve?
“Many different aspects of Parachute’s service delivery was evaluated, and particular attention was paid to security. The third-party auditors also evaluated internal service delivery security practices, business continuity, cyber insurance usage, and many other characteristics which are important in the evaluation process of current and potential clients seeking professional and secure Managed IT Services Providers.”
Parachute successfully completed
the following 3 phases of SOC 2 Certification:
Parachute received third-party, best-practice guidance. Our team participated and contributed to the process. We documented all internal processes and procedures, as well as tools and systems. The Unified Certification Standard (UCS) for Cloud and Managed IT Service Providers verified that we met the following:
Objective 1: Governance
Objective 2: Policies and Procedures
Objective 3: Confidentiality and Privacy
Objective 4: Change Management
Objective 5: Service Operations Management
Objective 6: Information Security
Objective 7: Data Management
Objective 8: Physical Security
Objective 9: Billing and Reporting
Objective 10: Corporate Health
The next step in the process was an audit of all processes and procedures, as well as tools and systems by a third-party verification organization. It was then confirmed that all requirements were in place.
Documentation and Official Report Creation
A 30+ page verification report was created documenting that Parachute is in compliance with the UCS. We then received a 50+ page SOC 2 report that we can provide to our clients. This was an important part of the process for us – transparency. We wanted to make sure that we would have a comprehensive report available to our current and future clients so that they feel comfortable with the viability and credibility of our services.