We have an announcement- number8 is now a SOC 2 compliant organization!
Oliver Ray – Roughly a year ago, our management team had a discussion about the impactful investments our organization could make to establish a more secure future for number8. These conversations quickly crystalized into a clearly defined need to adopt and implement a standardized framework for control and oversight activities related to our consulting offering. The management team set out to find the most appropriate audit and control framework for our remote software development consulting services.
Through multiple client and prospect interviews we landed on the SOC 2® – SOC for Service Organizations: Trust Services Criteria that has been defined by the American Institute of CPAs (AICPA). The SOC 2 standard creates consistent reporting on controls enacted throughout a service organization that are relevant to security, availability, processing integrity, confidentiality, and privacy. These reports are intended to play an important role in the oversight of an organization. They also establish key processes for internal corporate governance and risk management processes, as well as regulatory oversight. The last key advantage of the SOC 2 standard is the ability to continually enhance different controls to suit the needs of clients. At number8, we value the creativity of helping clients get more work done and reduce the barriers to deliver quality software.
Due to the number8 track record of high-quality client interactions, SOC 2 seemed to be the ideal standard for us. There have been no major security incidents in the 11 years number8 has been in operation even as we’ve grown our team to over 200 consultants distributed across 14 countries.
Our long-term commitment to our clients and our consultant’s long-term commitment to development has certainly had an impact on our ability to provide secure processes to our clients. More than 50% of number8 consultants have been in some form of a development role for more than 8 years and 75% of our current consultants have been working with the same client for more than 1 year.
While working through the preparation of our most recent SOC 2 report, it became clear that the standards and control framework established by the AICPA matched closely with the corporate values defined at number8. We have developed our core values with our clients firmly in mind. Not just as they are today, but how they will evolve in the future. Specifically, 3 of our 8 values were prominent in this decision:
- Everyone at number8 is Customer Obsessed – we guarantee our client needs are met. We adopt our clients’ products and challenges as our own.
- We always Embrace Transparency – we ensure all work is completed with the highest degree of quality, honesty and integrity. We seek to own our errors, be realistic about the expectations we set, and express courage in asking difficult questions. We are open about everything we do.
- Every consultant the comes to number8 Builds for the Future while Prioritizing for the Present – It is imperative for the success of our clients to consider the impact that daily decisions have on the future of their organization. number8 consultants consider future impact; while increasing velocity today.
-Oliver Ray, Managing Director