Black Box, a global solutions integrator, announced that it has completed its System and Organization Controls (SOC 2) examination relevant to its information security practices, policies, procedures, and operations. SOC 2 is a compliance standard developed by the AICPA (American Institute of CPAs) specifying how organizations should manage data from customers.
For a SOC 2 examination, an independent service auditor evaluates and verifies the suitability and effectiveness of a service provider's controls related to security, availability, processing integrity, confidentiality, and privacy. Those five areas, known as AICPA's "trust service criteria," are all critical factors in providing overall assurance around business services.
The SOC 2 examination indicates that Black Box has defined operations, policies and procedures covering all requisite aspects of security, availability, processing integrity, confidentiality, and privacy. This includes management oversight of critical parameters that are important to business operations, and team ownership for important areas, such as regularly monitoring for malicious or unrecognized activity, risk footprint, and appetite; security technology strategy and system configuration changes; access controls; and business continuity and disaster recovery plans.
"With today's continuous and sophisticated cyberattacks across industries and geographies, there is a dire need for all organizations to take a security-centric approach before engaging with any service organization, including vendors, partners and service providers," said Nikesh Dubey, vice president, information security at Black Box. "Our customers need the required infrastructure, tools, processes, and oversight to protect their information, security, and privacy against unauthorized access and exploits, both from within and outside the organization. The result is a safe environment for conducting business."
The SOC 2 examination is carried out through an annual external audit. Black Box first achieved SOC 2 compliance in 2020.