AMCS is SOC compliant – what does that mean for you?

SaaS solutions free waste and recycling companies from having to manage their own software and hardware, while scaling with them. Such are the advantages of SaaS over installing and configuring their own set-up that more companies every year are adopting this route. But in terms of data protection, companies are at the mercy of their SaaS provider.

Have they done enough to protect you? A completed questionnaire is hardly going to tell you. You need independent validation. The fact is, cloud-based applications based on external infrastructure carry the risk of unauthorized people accessing confidential data.

It gets especially messy if your SaaS provider is outsourcing any part of their operations and in turn, those suppliers are delegating work to their suppliers. Now you’re looking at third-party and even fourth-party risk management.

A provider’s good intentions count for nothing. If they suffer a data and security breach or disruption in service due to a data security issue, the impact on you reverberates from business continuity and a damaged reputation to the compromise of your own customers’ confidential data. It’s doubtful those customers would continue to work with you. You’d also face fines and in a worst-case scenario, lawsuits. 

You must mitigate your risk

You need to be confident that your SaaS provider has been independently validated as working to best practice to safeguard your sensitive data. Even if you feel the provider could pass an audit, you can’t be 100% certain without the proper report on the controls within the organization. Is it really worth the risk?

More than likely, your C-suite doesn’t think so and demands that you only work with SaaS providers who have a SOC 1 report.

AMCS is the first company in environmental services to hold a SOC 1 Type II Report. We now also have SOC 2 Type II. How does this affect our customers? First, let’s look at SOC 1.

How AMCS’ SOC 1 impact you

SOC, which stands for Service Organization Control, is an internationally recognized standard. We were independently audited by the American Institute of CPAs (AICPA) – specifically, one of the four big accounting firms – to ensure accurate financial reporting. SOC 1 is designed to keep relevant parties accountable and protected as pertains to financial reporting, and includes two types: Type l and Type ll.

This is in essence a snapshot. The report describes the organization’s system as a whole while assessing their internal controls in place on that date.

SOC 1 Type ll: This is a “Report on Management’s Description of a Service Organization’s System and the Suitability of the Design and Operating Effectiveness of Controls.” Type ll includes the demands of Type l but is far more rigorous: it addresses the design and testing of the controls over the audit period, which is typically between six and 12 months.

A clean SOC 1 Type ll report is proof that AMCS is operating best-practice controls and procedures, which ensures a customer-centric risk-based approach to operations. In other words, we put your needs first. You have the confidence that we practice diligence in protecting your data, can prove the security of controls as they pertain to financial reporting, and keep private information secure.

But is that enough?

What our SOC 2 means for you

SOC 2 is wider-reaching. It defines the criteria for managing all data based on any of the five “trust service principles”: security, availability, processing integrity, confidentiality, and privacy.  Just as SOC 1 has two types, so does SOC 2.

SOC 2 Type l: Describes the vendor’s systems and tells you that they were able to meet the relevant trust principles as of a specified date.

AMCS means reassurance

The scope of the reports relates to controls over AMCS Platform and specific customers. Working with us provides independent validation of the controls and lessens your own workload. There’s no need to undertake your own audits. Our SOC 1 and SOC 2 Reports tell you everything you need to know – we’ve already received independent validation that we can protect your data.

"Having clean SOC1 and SOC2 reports gives our customers the peace of mind that their financial processing and data security are safeguarded when using AMCS solutions. They can focus valuable resources on other areas of their business,” explains Leonard Dolan, Director of Business Processes and Systems.

“For AMCS, the entire process of control design, audits, and reporting has meant that we’ve become far more robust and efficient in those areas whilst reassuring us that our solutions are solely focused on the needs of customers. As we grow, having processes and controls that can scale to meet the needs of our customers is of utmost importance. The SOC reporting process affords us those capabilities.” 

We already offer the most innovative SaaS platform and modules for the environmental services industry, which have provided customers with up to:

• 25% reduction in miles driven, time on the road, and CO2 emissions
• 15% fewer trucks needed, or driver shifts
• 50% reduction in planning, execution and follow up

Those advantages now come with another benefit: unprecedented peace of mind that all of your data is secure. We invite you to discover the advantages of working with AMCS today. Get in touch!

View our Delivering Service and Security - the case for a SOC report Infographic.