DNV is proud to announce that it has successfully completed the audits for Type I of System and Organization Controls (SOC) 2® Certification for Synergi Pipeline, its enterprise solution to improve pipeline asset performance and safety. Data security is crucial to our pipeline customers and meeting SOC 2 compliance is a key part of DNV's ongoing commitment to providing the highest level of security for our existing and future customers.
SOC 2 is a highly-desired, international certification that attests that an organization has implemented security controls in line with one or more of the following principles: security, availability, processing integrity, confidentiality, and privacy. The compliance is determined by a series of 3rd party audits over 6 to 12 months to ensure that:
- The organization is regularly monitoring for malicious or unrecognized activity, documenting system configuration changes, and monitoring user access levels.
- The organization has the requisite tools to recognize threats and alert the appropriate parties so they can evaluate the threat and take necessary action to protect data and systems from unauthorized access or use.
- The organization will have relevant information on security incidents so they can appropriately scope the problem, remedy systems or processes as required, and restore data and process integrity.
To be SOC2 certified, an organization has to undergo two stages: Type I and Type II. DNV is pleased to announce that it has received the final Type 1 report which covers all processes and procedures which DNV must follow for compliance with 39 required controls.
"We are committed to ensuring we deliver the highest standards of security for our customers, and the latest step in our security journey has been the pursuit of SOC 2 accreditation. The rigorous scrutiny of our security practices demonstrates our commitment to protecting our customers and the trust they place in us," says Tony Alfano, Pipeline Product Line Director, DNV. "We are proud to note that the Type 1 audits for Synergi Pipeline were completed with no reported exceptions (indications of non-compliance) and suggested only minor process improvements which will be put into practice in our future releases," he adds.
DNV will continue this process with the auditors towards the final Type II certification which entails a review of all Type I processes put into practice within a product release cycle and is targeting completion of this effort and compliance at that level within Q4 2022.