Is SOC 2 Compliance Important for PHAs?
As a trusted technology advisor to hundreds of top performing Public Housing Authorities (PHAs), Emphasys takes information security very seriously.
To formalize and quantify a company's internal controls related to information security, the American Institute of CPAs (AICPA) developed a compliance requirement called SOC 2. SOC 2 is designed for those providers who store customer data in the cloud, which means any affordable housing technology company storing customer data must meet SOC 2 compliance requirements in order to minimize risk and exposure to a PHA's data.
The SOC 2 requirement is more than just a technical audit. It establishes that a company follows strict information security procedures and policies, including the security, availability, processing, integrity, and confidentiality of customer data. Further, being SOC 2 certified assures a client that information security at the provider is in line with the special needs of today's cloud requirements.
Be sure to ask your housing software vendor if they are SOC 2 compliant when shopping for your PHA's next business management software solution. Mitigating risks is a very important part of running a PHA and partnering with a vendor who is SOC2 certified will ensure that you are working with an organization that complies with all of the Trust Service Principles of security, availability, confidentiality, processing integrity, and privacy.
Emphasys is pleased to report that we are wrapping up our SOC 2 certification and expect to be SOC 2 compliant shortly.