In early 2025, BCMI successfully completed an extensive and thorough audit process of its security. Why? So, our customers and their customers can rest assured that their data is protected with us. And the end result was just that.
Achieving SOC 2 Type 2 highlights our industry-leading data security practices and compliance standards. All users of our software can trust that BCMI is a critical part of their data security practices. We offer the protection of the Amazon Web Services for cloud-data hosting plus SOC 2 Type 2 compliance within the BCMI platform. We take on the responsibility of these security practices so you don’t have to and can focus more on your day-to-day operations.
What is a SOC Report?
A System and Organization Controls (SOC) report is an auditing tool to review the trustworthiness of an organization and its systems. The report is an independent, third-party validation of a service organization’s commitment to evidencing the design and effective operation of its controls. An audit determines an organization’s ability to securely manage the data it collects from its customers and uses during business operations.
Calibrated to your specific service commitments and Service Level Agreements (SLAs), these audits demonstrate a dedication to maintaining high standards in managing customers’ data.
What’s the Difference Between SOC 1 and SOC 2?
The crucial difference between them is that SOC 1 focuses on financial reporting whereas SOC 2 is about data privacy and security. SOC 1 is only relevant to businesses that provide some kind of financial service. SOC 1 report focuses on the controls that affect the entire financial reporting process in an organization. SOC 2 is aimed at companies that handle sensitive client data and need to prove proper security in this area, especially for those handling customer data in the cloud (such as BCMI’s Cloud-based Dispatch).
SOC 2 audits evaluate controls across five key trust service criteria: security, availability, processing integrity, confidentiality and privacy, which evaluate and are calibrated to specific service commitments and SLAs to demonstrate an organization’s dedication to maintaining high standards of data management.
5 Key Trust Service Criteria
- Security: Security Controls to check if it’s properly protected against unauthorized access or modification.
- Privacy: Privacy as it relates to how personal information is collected, used, and retained, disclosed, and disposed of in accordance with pre-stated policies. Although the Confidentiality category applies to any sensitive information, the privacy category applies only to personal information.
- Availability: Whether or not an organization’s system is available for operation and in use as it’s committed to be.
- Confidentiality: If confidential information is being properly protected or handled.
- Processing Integrity: The processing integrity of a business’ systems.
What’s the Difference Between SOC 2 Type 1 and 2?
SOC 2 Type 1 is a point-in-time assessment, while Type 2 is an assessment over time.
A SOC 2 Type 1 report will only test the relevant trust services at a single point whereas Type 2 will look at how these controls are functioning over a long period, typically about six to 12 months.
A Type 2 report paints a more robust picture of the operational effectiveness of privacy measures. It’s far more in-depth and the sample testing involved takes longer.
BCMI takes protecting your data seriously. Our SOC 2 Type 2 certification for Security, Availability and Processing Integrity means our customers, their customers and future customers are getting the highest standard of security and compliance within the industry.