Locus Robotics just completed and documented its first Service Organization Control 2 (SOC 2) audit. A SOC 2 audit documents an organization’s business processes and determines compliance with the American Institute of Certified Public Accountants (AICPA) guidelines.
Why is this important for a robotics company? Locus Robotics operates as a Robots-as-a-Service (RaaS) business. As part of its normal operating procedures, Locus Robotics remotely monitors, updates and supports its fleet of mobile robots deployed on customer premises. To communicate with the robots, Locus connects over the internet and through a client’s local network. Locus also stores operational data about a robot fleet running on a customer site.
Before organizations allow any third-party products to connect to their network, they want to ensure they can trust the security and data handling processes of that vendor. SOC 2 is a well-established process for auditing and determining the compliance of any service provider. According to Locus Robotics, an SOC 2 Type 2 audit includes a review of the following categories:
- Segregation of duties
- Change management
- User access
- Vulnerability scanning
- Business continuity and disaster recovery
- Data backup and restoration
- Third-party management
- Patch management
An SOC audit employs a certified public accounting firm to audit the service provider and produce an annual report. This is a continuous process, requiring yearly audits throughout the life of a contract.
An SOC 2 report is a custom (and confidential) report produced for a specific contract and company. An SOC 3 report is a public report that a service provider publishes to document its general compliance. The SOC 3 report is for the consumption of potential clients, to ensure that an organization can be trusted and that it has the controls in place to properly manage private data in the cloud and secure communications over the internet.
Locus Robotics recently published its SOC 3 compliance report for the calendar year 2021, and it will continue to update this report on an annual basis. The company also has a dedicated TRUST Center on its website that openly discusses its commitment to security.