“The SOC audit was an excellent opportunity to confirm the processes we have in place for managing school districts’ private information are secure,” said CNYRIC Data Privacy and Information Security Officer Steven Tryon. “Maintaining the integrity of district data is our No. 1 priority – earning a SOC II certificate reinforces that commitment.”
In order to earn a SOC II certificate, the CNYRIC management team had to provide an abundance of details to auditors regarding their approach to issues of data privacy and security. The audit also included two on-site visits by the auditing team, where they sought demonstrable proof of the CNYRIC’s assorted processes. Included in the assessment were all systems used to contain and manage school district data such as student information systems, financial systems, the data warehouse, food service solutions, digital records, and more.
The auditing process concluded in late summer 2015 with receipt of a final approval letter from the auditing team. The letter acknowledged the suitability of the design and operating effectiveness of the controls the CNYRIC put in place to address data security and privacy. In order to maintain SOC II certification, the CNYRIC will undergo annual reviews of its security and data privacy procedures.
For more information about the SOC audit or CNYRIC’s privacy procedures, contact Steven Tryon at firstname.lastname@example.org