Certified SOC Type II Secure Data Recovery Service

Promoting an Open Certification Model

We’re firmly committed to helping you establish a traceable chain of trust for your hard drive recovery operations. We’ll always make our certified SOC Type II credentials publicly available for your perusal, and we think other data recovery services ought to do no less.

You’ve already suffered through enough hardship during your initial data loss. Why should the recovery process be fraught with uncertainty as well? View our credentials here or download a PDF copy for further use. Whether you need to maintain a private record of your recovery vendor’s certification for internal business purposes or demonstrate your dedication to security to your own clients and stakeholders, TTR Data Recovery makes it easy to access the documentation that backs you up.

What Does Certified SOC Type II Secure Data Recovery Guarantee?

SSAE 16 SOC 2 Type II secure data recovery practices ensure that your organization remains compliant. Laws like the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act of 2002 and the Gramm-Leach-Bliley Act of 1999 hold you to extremely stringent standards, and that’s to say nothing of the additional legal hoops your home state makes you jump through. By working with an organization whose certification goes above and beyond individual pieces of legislation, you stay covered.

The rules dictate that you maintain positive control over sensitive information, like patient records and consumer addresses, and you aren’t excused from liability simply because you’ve sustained a major hardware failure. If your hard drive or RAID data recovery service doesn’t also handle your information properly, you’re just as responsible for any outcome that arises.

Undergoing routine audits lets our organization confirm that our clean rooms, personnel and procedures are all conformant with stringent data-handling standards. We never lose track of information or allow unauthorized access because we operate within a framework that neither tolerates laxity nor accepts oversight. In addition, our conformance with SSAE standards also means our security systems are regularly policed, updated and strengthened, so we’re just as well equipped for confronting tomorrow’s threats as we are for handling known dangers.

SSAE 16 and SOC reports defined

SSAE 16 or Statement of Standards for Attestation Engagements no. 16, is a set of auditing standards, put in place by the American Institute for Certified Public Accountants (AICPA), for evaluating the internal controls employed by a service organization. SSAE 16 supersedes the Statement on Auditing Standards no. 70 (SAS 70) and became effective in June 2011.

SSAE 16 has three different kinds of Service Organization Controls (SOC) reports:

SOC 1

This report focuses on controls at a service organization which could be relevant to internal control of user entities over financial reporting.

  • Type I report is a point-in-time report of a service organization’s system, including tests, to assess whether the design of control is suitable to the objectives.
  • Type II report, usually covers a 12-month period, include the description of the system, including test of the design and the operating effectiveness of the internal controls over a specified period.

SOC 2

This report is focuses on the internal controls at a service organization specific to compliance or operations; based on the 5 Trust Principles:

  • Security - That the system is secured and protected against unauthorized access whether physical or logical.
  • Processing integrity - That the system processing is complete and accurate, as well as it is timely and authorized.
  • Confidentiality - That “confidential” information is protected in accordance with the agreement or policy
  • Availability - That the system is available for operation and that the use of the system conforms to what was committed or agreed
  • Privacy - That the collection, use, retention, disclosure, and disposition of personal information is in accordance with the commitment stated in the entity's privacy notice, as well as it conforms with the criteria set forth in the GAPP (Generally Accepted Privacy Principles) of AICPA.

The SOC 2 report structure is similar to that of the SOC 1 report:

  • The Opinion Letter
  • Management’s Assertion
  • Description of the System
  • Description of Tests and Results
  • Additional Information

The scope of audit would depend on the type of organization, in that, some or all of the 5 Trust Principles would be included.

  • Type I report is a point-in-time report of a service organization’s system that is in the scope of audit, as well as management description of the system and the controls in place specific to the system.
  • Type II report includes the management description of the system included in the scope of audit, including the suitability of the design and the operating effectiveness of the internal controls specific to the system; usually over a 12-month period. The report also includes the tests undertaken and the auditor’s opinion.

SOC 3

This report is akin to the SOC 2 report, except that it is not restricted use, meaning, it is for public use.

Secure Data Recovery That Meets Your Diverse Needs

Working with a compliant hard drive recovery service like TTR also helps data-dependent organizations harmonize their standards conformance. Our SOC 2 Type II certification doesn’t mean we slack off elsewhere; on the contrary, the hard work it takes to maintain SSAE certification also finds applications in other domains. Our dedication to staying on top of industry best practices means we’re one of the world’s few companies also certified by ISO 9001 Data Recovery and IACRB Professional Data Recovery standards. No matter how your corporate mandate dictates you protect your data, TTR Data Recovery makes it easier to fulfill your mission objectives.

Why are SOC reports important in service organizations like TTR Data Recovery Service?

The increasing number of users taking advantage of cloud-based services and businesses outsourcing functions to service organizations, have in part brought about the creation of SOC reports. Since service organizations are responsible not only for the services it provides, but also for maintaining the confidentiality and protection of sensitive data, SOC reports assures transparency on the specific internal controls employed by service organizations, as well as test of the control’s effectiveness.

TTR’s Data Recovery services such as RAID Data Recovery and HDD Data Recovery use processes and facilities that is compliant or exceed ISO 9001 standards when it comes to quality of management systems. Our IACRB certified technicians observe SOC Type II security protocols, in keeping with our commitment to providing the highest level of service that puts safeguarding confidential and sensitive information at the top of our priorities.