The Tugboat Logic Virtual CISO Platform receives independent auditor attestation to the five core trust principles of SOC 2
May 28, 2019 (SAN FRANCISCO) – Tugboat Logic today announced that it has successfully completed a System and Organization Controls (SOC) 2® Type I Audit examination for their Virtual CISO Platform. Tugboat Logic retained international business advisory firm Skoda Minotti for its SOC 2® audit work.
“As a security company that prescribes automated guidance to others on InfoSec best practices, it is paramount for Tugboat Logic to practice what we preach,” said Ray Kruck, CEO of Tugboat Logic. “The successful completion of our SOC 2® Type I examination audit provides Tugboat Logic’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices.”
SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the following trust service principles outlined in the AICPA Guide:
- Security – Verifying the system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
- Availability – Verifying the system is available for operation and use to meet the entity’s commitments and system requirements.
- Processing Integrity – Verifying the system processing is complete, valid, accurate, timely, and authorized to meet the entity’s commitments and system requirements.
- Confidentiality – Verifying that information designated as confidential is protected to meet the entity’s commitments and system requirements.
- Privacy – Verifying personal information is collected, used, retained, disclosed, and disposed to meet the entity’s commitments and system requirements, security, availability, processing integrity, confidentiality, and privacy.
The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls. A service organization may select any or all of the trust service principles applicable to their business, and Tugboat Logic chose to report on all five principles, which illustrates their ongoing commitment to create and maintain a secure operating environment for their clients’ confidential data.
Ben Osbrach, partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to work with Tugboat Logic from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”
Skoda Minotti’s testing of Tugboat Logic’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of their business. Upon completion of the audit, Tugboat Logic received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria.
About – Skoda Minotti
Skoda Minotti is a Certified Public Accounting Firm based in Cleveland, OH offering a variety of tax, finance, and business advisory services in virtually every area of business. The Risk Advisory practice specializes in SOC Reporting, PCI DSS Compliance, FISMA, NIST, ISO 27001, and other regulatory information security assessments. Staff in Skoda Minotti’s Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetration Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti’s Risk Advisory Services, please visit skodaminotti.com/risk.
About Tugboat Logic
Tugboat Logic is the Virtual CISO Platform. Unlike traditional consulting firms, only Tugboat Logic provides an automated framework to demystify the process of setting up a security program. With Tugboat Logic, enterprises can quickly get secure and prove it to customers. Powered by artificial intelligence, Tugboat Logic’s patent-pending technology automates InfoSec policy creation, security certification readiness, and security questionnaire response so enterprises can gain trust with customers and sell more. Tugboat Logic helps reduce certification readiness costs for frameworks such as SOC 2 and ISO27001 by 60%, helps you respond to RFPs 45% faster, and increases sales win rate by up to 300%. Tugboat Logic is a cloud-based subscription service, starting at $499 per month. Free 7-day trial available. You can follow Tugboat Logic on Facebook, Twitter and LinkedIn.