Johnson & Quin, a full-service provider of direct mail production and mailing services, announced the successful completion of their 2019 SOC 2 Type 2 examination. The company initially completed its SOC 2 Type 1 examination in 2018.
“Completing the examination verifies that our security processes are consistent, ongoing and sustainable,” explained Manish Haria, VP, CISO and CIO for Johnson & Quin. “Putting a compliance framework in place and having it audited by independent third parties keeps us secure.”
Demonstrating assurance
Johnson & Quin’s efforts allow them to demonstrate a substantially higher level of assurance and operational visibility than companies that have not undergone annual SOC 2 examinations.
As a provider of high-volume, complex communication programmes that require both personalised and variable data printing, this reassurance is crucial for the company and its clients.
Safety of consumer data
“Johnson & Quin processes millions of records of consumer data each year for our clients, including many financial services, insurance, retail and other industries. It is essential that our handling of their data meets the top security and compliance guidelines not just most of the time, but on an ongoing and consistent basis so that our clients are confident in the safety of their data and marketing materials,” stated Kay Wilt, Director of Marketing.
Many customers request the company’s SOC report as a condition of doing business. The successful examination allows Johnson & Quin to reassure their clients that the company is continuously monitoring its security procedures and investing in critical compliance initiatives.
External audit
“Many clients in the financial and other industries require that their marketing service providers have security procedures and processes that have been audited by outside authorities,” Wilt noted. “It certifies that we do have the controls in place to manage our clients’ data securely on an ongoing basis.”
Understanding compliance requirements
All examination efforts were completed by the professional and independent third-party audit firm, 360 Advanced, Inc.
“360 Advanced helped us understand the compliance requirements based on the type of sensitive data we handle,” Haria noted. “They worked on understanding our business services, as well as the security that was in place to protect the information. [Their] approach to looking at controls was always both risk-based and compliance-based.”
As part of the examination, Johnson & Quin was measured against the AICPA Trust Services Criteria for Security. With the third-party assurance that these criteria have been met, the company can continue delivering direct mail programmes while assuring clients that their information will remain secure.