Manufacturers Can Sleep Well As Corevist Completes SOC 2 Type 2 Examination

Logo courtesy of AICPA.

Here at Corevist, we manage the entire technology stack for our clients’ B2B portals and eCommerce solutions. From the front-end UI to SAP ERP integration and everything in between, we cover it all.

It’s a lot of responsibility for a managed cloud solution provider. When it comes to our clients’ solutions, we take data security, availability, confidentiality, and data processing integrity seriously.  

That’s why we’re thrilled to announce that we’ve completed our SOC 2 Type 2 examination through the independent auditing services of Bernard Robinson & Company, L.L.P. While we can’t share details of the report publicly, we can give you an overview of what this means for our clients (and for those considering doing business with Corevist).

Here’s the background on our SOC 2 Type 2 examination and what it means for you.  

Background: Completed SOC 2 Type 1 Examination in 2020

A SOC 2 examination has two steps.

Step 1 is a SOC 2 Type 1 examination, in which the auditor simply examines our business processes and systems at a point in time to see if we have controls and policies designed to meet our objectives relevant to the Trust Services Criteria. (That standard is TSP 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy.) If we didn’t have these policies in place, we couldn’t move on to the second step (in which the auditor would test us for the operating effectiveness of our controls).

Bernard Robinson & Company, L.L.P., performed this examination for Corevist in 2020. They found that we had such controls and policies designed appropriately, which meant we could move on to our SOC 2 Type 2 examination.  

But as everyone knows, it’s easy to write policies. For some organizations, it’s much harder to stick to those policies every day. To do so, you need processes and company culture that enforce those policies 100% of the time—on every ticket, every line of code, day in and day out.

Our SOC 2 Type 2 examination

A SOC 2 Type 2 examination must cover a specific period. Bernard Robinson & Company, L.L.P. audited Corevist systems and processes from Dec 1 2020 to Nov 30 2021.

While we can’t discuss the details, we’re thrilled to share what they mean. Our exam provides our clients with peace of mind regarding data security, availability, processing integrity, and confidentiality.

Comparing Corevist to the alternative

Is SOC 2 Type 2 really such a big deal?

Is Corevist really that different from the alternative?

Absolutely. To our knowledge, Corevist is the only B2B portal and eCommerce solution that 1) includes deep SAP ERP integration, 2) is fully managed, and 3) has completed a SOC 2 Type 2 examination.

Under alternative approaches, you would need multiple vendors working as a team to deliver this type of solution. While any one of those vendors may have completed a SOC 2 Type 2 exam, your architecture as a whole is only as good as the weakest link.

For example, say you have 5 vendors responsible for your B2B portal (or your B2B eCommerce store). Four vendors have completed SOC 2 Type 2 but one hasn’t. Unfortunately, those 4 vendors don’t matter. There’s still one link in the chain that doesn’t provide that level of confidence.

This is why we say We’ve Got Your Back. We take care of the entire technology stack so you can focus on your core business—and our SOC 2 Type 2 examination is a key part of that value.

Want to learn more?

While we can’t share the results of our SOC 2 Type 2 examination publicly, we would love to share it with you privately. Fill out the contact form below and request to see the report.  

Subscribe to B2B Bites

Your monthly bulletin on all things SAP, B2B eCommerce, and customer portals, with a focus on what matters most.

About Author

Justin Diana

Justin Diana has over 15 years of experience in the technical, software and networking industries. He focuses on managing Corevist′s data center operations to ensure our SLA’s are met, our products are secure and our customers and partners can sleep at night knowing we have our product infrastructure well under control.