,

Is SOC 2 Compliance Important for PHAs?

Is SOC 2 Compliance Important for PHAs?

As a trusted technology advisor to hundreds of top performing Public Housing Authorities (PHAs), Emphasys takes information security very seriously.

To formalize and quantify a company's internal controls related to information security, the American Institute of CPAs (AICPA) developed a compliance requirement called SOC 2. SOC 2 is designed for those providers who store customer data in the cloud, which means any affordable housing technology company storing customer data must meet SOC 2 compliance requirements in order to minimize risk and exposure to a PHA's data.

The SOC 2 requirement is more than just a technical audit. It establishes that a company follows strict information security procedures and policies, including the security, availability, processing, integrity, and confidentiality of customer data. Further, being SOC 2 certified assures a client that information security at the provider is in line with the special needs of today's cloud requirements.

Be sure to ask your housing software vendor if they are SOC 2 compliant when shopping for your PHA's next business management software solution. Mitigating risks is a very important part of running a PHA and partnering with a vendor who is SOC2 certified will ensure that you are working with an organization that complies with all of the Trust Service Principles of security, availability, confidentiality, processing integrity, and privacy.

Emphasys is pleased to report that we are wrapping up our SOC 2 certification and expect to be SOC 2 compliant shortly.

Not sure what to look for in a hosting provider? Download our “Five Questions to Ask Any Hosting Provider” whitepaper to ensure you make the right choice.

The Whitepaper will be sent automatically to your email.

,

Is your Software Vendor Holding your Data Hostage?

Is your Software Vendor Holding your Data Hostage?

Perhaps an auditor has come to your PHA and requested information that resides in your housing software system. It’s a simple enough request, but to your dismay, you find out you must ask your vendor to retrieve it. Then there’s data export. Many systems in the market today won’t let you export your data out of the software without having to go through some sort of report. Now it really feels like your data is being held hostage.

Here are some questions you should ask your vendor to make sure you can conveniently access your data.

  1. Do you offer a report wizard that allows my PHA to create reports? Do the reports have key data elements as it relates to 50058s, detailed income information, detailed assets, including detailed information on history (vacancies, certifications, unit history, AR information, etc.)?
  2. Can my PHA create a Microsoft Excel report and tie it directly to the database to create reports?
  3. Do your reports automatically export out to Microsoft Excel in the proper format or do you have to modify the report every time you export it?
  4. Will our PHA have to rely on your support department in order to access report-related items?
  5. Do you have a Data Model that you can share with our PHA?
  6. Do you provide our users with training on creating reports?
  7. Do you have training videos for our PHA staff to review?
  8. Do you have a support department that can guide our users through creating basic report queries?

More and more HUD is relying on vendors to deliver and own data, so it’s in your PHA’s best interest to make sure your vendor offers easy and convenient data access. After all, being able to control and trust your data is key to helping your PHA run smoothly.

If you feel your vendor can’t answer these questions and want to know more about how you can own your data, please fill out the contact form below.