1. Knowledge Base
  2. General Questions

Viewpoint Earns SOC 2 Type 1 Certification

On February 1, 2019, Viewpoint earned SOC 2 Type 1 certification on seven products. But what does that mean?

See the official announcement from Viewpoint here.

First of all, at Ryvit, we're very proud to be partners with Viewpoint, as their dedication to data security and software reliability is second to none in the industry. Obtaining SOC 2, Type 1 certification reinforces their security commitment, proving that they have controls and the associated procedures, designed to provide a secure cloud platform.

What is SOC 2?

(per the experts at RSI Security)

Service organization control (SOC) 2 is an auditing procedure designed to ensure that third-party service providers or simply, service organizations, can securely manage data to protect the interests and privacy of its clients. For many businesses, compliance with this auditing procedure is a prerequisite in looking for a service provider.

Prior to SOC 2, the standard for auditors was the Statement of Auditing Standards No. 70 (SAS 70) which was performed by certified public accountants. Introduced in the early 90s, the intent of the SAS 70 was to report on the effectiveness of different internal function controls.   In the 2010s, the AICPA introduced SOC 1 and SOC 2 reports to address the growing requirement of firms to prove and announce their state of security.

The Principles of SOC 2

Developed by the American Institute of CPAs (AICPA), it sets criteria for managing customer data based on trust service principles of data– availability, confidentiality, processing integrity, privacy, and security.  For our purposes, we'll focus on Security.

Security is commonly applied to all engagements and addresses whether the system protects against unauthorized access.  Access controls can prevent security breaches such as disclosure of information, misuse of software, unauthorized removal of data, and potential system abuse.

What does all that mean?

In plain English, this essentially means that Viewpoint Cloud customers will have multiple servers for multiple purposes, including data storage and third-party applications.

For security, manageability, and stability reasons, Viewpoint's architecture and security teams now require that only Viewpoint products be installed on the Vista servers, which means that Viewpoint customers who wish to integrate third-party applications with their Viewpoint databases will need to activate a separate server.
Not only is this a much more secure format, but it also creates service efficiencies, troubleshooting efficiencies, and maintenance efficiencies.

Action Items

If you're a Viewpoint Cloud customer and you currently leverage third-party applications (or plan to in the future), contact Viewpoint support for further details.

If you'd like a copy of Viewpoint's SOC 2 Type 1 report, you can contact legal@viewpoint.com. Be prepared to sign an NDA, as the report contains confidential information.