As announced in a recent press release, SunDance has earned the advanced SOC II Type 2 Certification for customer data security, building on our established SOC II Type 1 Certification.

What is SOC?

The American Institute of Certified Public Accountants (AICPA) established a defined set of System and Organizational Controls (SOC) in 2010 to govern organizations who provide services to other companies in the U.S.

The SOC II category defines information security controls, which the AICPA refers to as “Trust Services Criteria.” Service providers voluntarily choose to adopt and comply with these controls in order to become SOC Certified for the benefit of their stakeholders. (There is also a SOC I category that defines financial controls.)

Why is SOC II So Important?

The SOC II cybersecurity protocols have two objectives. The first is to deliver expert security guidance for service providers. The second is to instill greater confidence or trust in their customers, who share sensitive data with them in the course of using their services. One example would be a direct marketing firm who shares their customer database with a commercial fulfillment company.

SOC II incorporates globally accepted data security principles, including a majority of those found in the ISO 27001 and COSO frameworks. It prescribes specific security protocols for the collection, use, retention, and disposal of customer data while in a service provider’s care, including the personally identifiable information (PII) held by virtually all businesses, and the protected health information (PHI) managed by the healthcare industry.

By properly implementing these security protections, a service provider can achieve SOC II compliance and certification—as long as their security implementations are audited, with detailed reporting and attestation, by a qualified third party assessor. SunDance was audited by A-LIGN, a security and compliance firm trusted by more than 4,000 global organizations to mitigate cybersecurity risks and certify compliance with a wide range of security standards, from SOC and ISO to HITRUST, PCI and more.

SOC II offers two levels of compliance and certification: Type 1 and Type 2.

• SOC II Type 1 Certification attests that a service provider’s adopted security controls meet the Trust Services principles of SOC II Type 1 at the time of the audit.
• SOC II Type 2 Certification validates the operational effectiveness of the implemented security controls over an extended period of time (generally from nine to 12 months), thereby providing a longer and deeper view of information security at the service provider organization.

The Value of SOC II Type 2 Certification

Achieving the Type 2 level of compliance and certification requires a service provider to make a significant investment of time, effort, and budget as compared to Type 1 compliance. SunDance made that investment, implemented the prescribed security controls, underwent compliance auditing and reporting, and was awarded SOC II Type 2 Certification. As a result, SunDance clients now enjoy an advanced level of cybersecurity for the mailing lists, databases, campaign metrics, and other information they entrust to our care.

SOC II Type 2 Certification also allows service providers to share with customers and other stakeholders relevant information about the systems, processes, and controls they have in place to detect and prevent security incidents and respond to data breaches should they occur. Additional information is available on the AICPA website.

Trust Your Data Security to SunDance

SunDance is proud to foster a company culture focused on providing security, privacy, confidentiality, availability, and processing integrity for the customer data entrusted to us by our clients and, indirectly, by their customers. Our recent SOC II Type 2 Certification demonstrates that we continue to walk the talk. In addition, experienced SunDance printing, packaging, and mailing professionals have the tools necessary to guide and support your competitive direct mail and fulfillment campaigns for 2025 and beyond.