SOC 2 Type 2 certification: what it is and why it matters

Cloud data security lock

Data security is essential in the digital age. With cyber threats just a few clicks away, businesses need stringent protocols in place to protect customers’ data. Fortunately, there are many reports, standards, and certifications to help you identify businesses committed to the protection and privacy of your personal data. 

One such report is the SOC2 Type 2 attestation report. This is an important tool for a business with cloud-hosted solutions that are serious about their data protection and privacy measures. At Gallagher, we are proud that our cloud-hosted solutions for Command Centre are SOC 2 Type 2 certified, providing you with peace of mind that we care about the privacy of your information. 

What is a SOC 2 Type 2 certification?

The System and Organization Controls 2 (referred to as SOC2) is a voluntary compliance standard for service organizations. SOC 2 is maintained by the American Institute of Certified Public Accountants (AICPA) and audits are completed by accredited businesses.

What is the purpose of a SOC 2 Type 2 certification?

The purpose of a SOC 2 audit is to test an organization’s internal controls for information security and privacy.  It ensures that the organization processes and stores client data securely and aligns with established best practices outlined in the American Institute of Certified Public Accountants (AICPA) Trust Service Criteria (TSC).

Beyond mere compliance, a SOC 2 Type 2 certification serves as a symbol of trust and transparency for organizations handling sensitive data in the constantly changing world of digital technology. The resulting report demonstrates that a business’s security and confidentiality controls, meet or exceed the requirements established by the AICPA.

SOC 2 Type 2 Principles

There are five principles in the SOC 2 framework:

  1. Security
  2. Availability
  3. Processing Integrity
  4. Confidentiality
  5. Privacy

A business can be audited against any combination of these principles. During the audit process, all systems are reviewed by a trusted external third party to ensure they comply with the AICPA trust principles. This audit captures how a company safeguards customer data and how well the controls are operating.

What are the types of SOC 2 Reports?

There are two types of SOC 2 reports:

  • Type I 
  • Type 2

The SOC 2 Type 1 report focuses on the effectiveness of any processes or procedures at a fixed point in time. Whereas a SOC 2 Type 2 report verifies the effectiveness of those processes and procedures over time, usually a six- to twelve-month period. 

Benefits of SOC 2 Type 2 Certification

SOC 2 Type 2 certification is a must-have for organizations serious about their data protection measures. With data breaches increasing at an alarming rate, businesses are under constant pressure to provide their clients and customers with assurance that their information remains secure. By conducting a SOC2 Type 2 audit, companies demonstrate their commitment to data security and privacy.

Additionally, achieving SOC 2 Type 2 complements existing ISO 27001 standards and can be used to verify that businesses prioritize the security of their customer’s information and data through an independent validation audit. Both certifications determine that proper procedures are in place to ensure customers data is secure, private, and confidential while looking at a business’s service availability and processing integrity.

A SOC 2 Type 2 attestation report not only demonstrates that you have robust controls in place to protect your business and customers from data breaches, but it’s also a great competitive advantage when tendering for new projects and retaining customers.

Why choosing a SOC 2 Certified solution is important for your organization?

Companies in many industries, such as financial services and healthcare, are expected to have SOC 2 certification by their clients. Depending on the complexity and sensitivity of data handled by the organization, some government agencies also demand SOC 2 Type 2 compliance.

SOC 2 Type 2 empowers businesses to comprehensively evaluate their existing controls against established market benchmarks regularly. This proactive audit is important for businesses looking to continuously improve their internal data security controls and identify any gaps or issues that may not have been otherwise identified. By embracing this leap towards transparency, businesses enable robust security measures that safeguard sensitive information while fostering a culture of accountability. A SOC 2 Type 2 is an invaluable tool for any businesses looking to actively demonstrate their commitment to the on-going protection of customer data.

What is included the Gallagher Security SOC 2 Type 2 Report?

Gallagher Security has conducted a SOC 2 Type 2 audit via an accredited third-party. The report covers applications that are grouped under the following Command Centre cloud-hosted services:

  • Mobile Connect
  • Command Centre Web
  • API Gateway, enabling access to Command Centre Mobile

The report outlines our internal controls for the development processes of these products and confirms that they adequately safeguard data internally within Gallagher as well as customer data in accordance with the trust services criteria.

At Gallagher, we believe that data security is of the utmost importance and conducting this audit is one way we can show our dedication to protecting our clients’ data. We are proud of the many regulations, standards, accreditations, and awards we’ve earned by being an industry-leading, cybersecurity responsible vendor. The SOC 2 Type 2 certification further demonstrates our commitment to being the most cyber secure physical security manufacturer.

Is data security important to you? Choose the only physical access control manufacturer, worldwide, with this set of certifications: ISO27001, CAPSS CPNI 2021, AACS 2022, EN50131-4, SOC 2 Type 2.

Meet our team of experts

We have assembled a team of security specialists who are passionate about sharing their knowledge and expertise.


Do you have a question?

Let us put you in contact with one of our team members.


Want to hear more from Gallagher?

Get the latest Gallagher news, updates, and event information delivered straight to your inbox.


Stay up to date with Gallagher

Get the latest Gallagher news, updates, and event information delivered straight to your inbox.

Add your voice - 2025 Security Industry Trends Survey

Take part in the Industry Trends Survey and help shape the future of the security industry. Your opinion matters and we can't wait to hear from you!