LA’s Enplug Completes Detailed SOC 2 Data Security Audit
April 22, 2020 by Dave Haynes
This is over-the-top nerdy, but I am posting this not because of the news, but because of the explanations from the software vendor as to why you should care.
LA-based CMS software Enplug has announced it has completed its SOC 2 Type 2 audit, “an intensive six-month audit by Coalfire, an independent cybersecurity firm, to objectively measure Enplug’s adherence to key trust factors of secure data processing and storage.”
Enplug says in its announcement that while many digital signage CMS vendors emphasize the importance of security, far fewer walk the talk and get an audit done.
“Achieving SOC 2 Type 2 compliance is widely regarded as one of the most comprehensive measures of a company’s commitment to securing customer data, and a key differentiator that sets Enplug apart from other digital signage CMS providers.”
“Going through the exhaustive SOC 2 Type 2 audit process has been a worthwhile investment of our time to demonstrate our deep commitment to data security,” said Enplug CEO Nanxi Liu. “We’ve always prided ourselves on helping our customers build secure digital signage networks, and this latest milestone is further validation of our commitment.”
Why SOC 2 Type 2?
SOC 2 Type 1 and Type 2 audits are similar in what they measure, with the latter being more comprehensive. In Enplug’s case, the company was audited on security. What sets Type 2 apart from Type 1 is that Type 1 audits evaluate trust factors at a single point in time, whereas Type 2 audits assess performance against trust factors over a period of six months. Therefore, a Type 2 audit demonstrates the company’s ability to not only meet trust factors at a single point in time, but also adhere to them over a sustained period.
Why SOC 2 Compliance Matters
SOC 2 compliance is relevant to any business offering Cloud-based services. Compliance is particularly important to the digital signage industry as a growing number of signage networks are managed remotely. SOC 2 Type 2 compliance is not mandated for digital signage service providers, however Enplug chose to undergo the rigorous audit to underscore its deep commitment to the security of its digital signage platform.
I have damn near nothing to add here. I thought when I first read the PR that SOC referenced System On Chip, or what are more loosely called “smart” displays. Yeah, no.
My collective wisdom on this sort of thing amounts to confirming security processes and audits seem like a good idea. So, umm, yay Enplug!
Many companies may have had these audits done, but in Googling, the only one I came up with, apart from Enplug, is Broadsign. I’d imagine companies that work with the financial services sector would see this requirement in RFPs.