SOC 2 Compliance with Electric

Electric's IT services can help you meet key security control requirements that are critical for becoming SOC 2 compliant.

Introduction

The majority of our clients require some form of formal security compliance. Electric conducts an annual SOC 2 Type 2 audit of Electric’s own security controls. This is part of Electric’s vendor management process and can be reviewed as an addition to your compliance audits.

This article provides more information about how Electric can help your company achieve SOC 2 compliance. Please note, not all controls are available for all packages and some of the services listed below may incur additional costs.

Scope of Support

Electric's services cover the devices, networks, and users within our scope of support. While this can significantly contribute to your security posture, our services do not include policies, audits or comprehensive controls considered out of scope. To learn more about how Electric can support your company, review our Service Details.

For any services out of scope for support, you may leverage Electric's best-in-class network of partners.

Logical and Physical Access Controls

  • Manage access for in-scope users, networks, workstations and SaaS applications.

  • Onboard and offboard your end users as requested.

  • Manage access to supported applications based on criteria determined by your company's human resources or hiring manager.

  • Implement measures such as automated patching, firewall, disk encryption, password complexity, and installation protection on in-scope workstations.

  • Implement a VPN through a supported network appliance or through our partner Perimeter 81 for a cloud-based VPN as requested.

  • Physically destroy or securely wipe de-provisioned devices as requested.

  • Configure access for in-scope systems based on capabilities as requested.

  • Restrict local administrative access on workstations as requested.

  • Implement Malwarebytes or other supported endpoint protection tools as requested.

System Operations

  • Implement device management software on all in-scope endpoints and default endpoint hardening that is enforced by Jamf Pro or Kaseya.

  • Report workstation configuration details and metrics in Electric’s platform Turbine.

Change Management

  • Log and make changes via requests submitted through Slack & Microsoft Teams, with authorized approval.

Communications

  • Produce a network diagram for office architecture upon request.

Risk Management/Design & Implementation of Controls

  • Report on inventory and base configurations for all in-scope and actively managed workstations.

Monitoring of Controls

  • Track compliance of Electric’s recommended endpoint hardening standards within the Turbine IT Scorecard.

Availability

  • Recover systems and data in the event of a crash or ransomware attack through our managed partner portals or your supported backup vendor of choice.

Confidentiality

  • Deploy and maintain Electric’s Default Security Controls on enrolled devices, including automated patching, firewall, screen lock, disk encryption, minimum password length, and installation protection.
