SOC 2® Compliance — How DMW Locks Your Data
Gary Brodbeck
Why the “industry standard” is our S.O.P.
“Privacy” and “Security” aren’t buzzwords anymore.
… They’re critical to doing business today. And protecting data is of utmost importance — especially PHI and PII — requiring 24/7 adherence to strict protocols.
But every client, and every industry, is different. So understanding the way every organization works is key to a successful business relationship. At DMW, we advocate a deep dive to gain a working knowledge of client systems, data security protocols, and their business rules. Over time, we’ve found this truly enables us to fully support clients in reaching their marketing and business goals.
Protecting health insurance and financial services clients.
When it comes to health insurance and financial services, we frequently work with client data that is considered protected and privileged information. Our digital and direct mail programs oftentimes require member data on both the front end for effective delivery and the back end for tracking, optimization, and measurement. That’s why DMW has made substantial investments to put SOC 2® (System and Organization Controls) in place throughout the client workflow.
What makes SOC 2 the benchmark for marketing in this digital age?
Established by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a “Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.”
SOC 2 plays a vital part in fully meeting our clients’ need to secure member data, including:
- Organizational oversight
- Vendor management – printers, lettershops, data processing, and technology vendors
- Corporate governance and risk management processes
- Regulatory oversight
Our first SOC 2 report was issued in 2012 – that was a Type 1 report. In 2013, DMW moved to our current, more comprehensive standard of SOC 2 Type 2. It’s important to note that SOC 2 reporting is not a one-and-done endeavor. In fact, it’s a rigorous annual third-party audit and attestation of internal system controls and their effectiveness, measured against ever-evolving and ever-more-rigorous standards.
In addition to DMW’s system controls, the SOC 2 standard has implications for the selection and management of any underlying service providers used on behalf of our clients – truly each and every vendor that might handle member data. We also deploy our own DMW Vendor Qualification Process and Quality Control Program to ensure client programs are executed at high-quality levels on a consistent basis.
Take confidence from the industry standard.
Few marketing agencies display a SOC certification on their website homepage. But not many agencies have a commitment to serve clients who require and demand such stringent data security.
SOC 2 compliance is an industry standard for control assurance. The protocols we establish and follow help protect client data. It is vital that you can be confident that your business and member data are secure, even when shared. Annual SOC 2 audits attest to the integrity of DMW internal controls, and provide independent verification of the security of our clients’ data.
But we don’t stop at annual audits. New criteria require constant vigilance to comply. That’s why DMW adheres to a continual improvement process for SOC 2. It’s a rigorous approach to evaluating client security requirements every year, assessing the impact of any changes, and then planning and implementing updates to ensure full SOC 2 compliance.
AICPA SOC 2 reporting is not a perceived “marketing advantage” we tout to prospects. It’s assurance that our clients can always rely on DMW with the highest levels of trust and confidence. And that’s data security — and partnership — we feel every client should be able to count on.
Looking for better response marketing with a better ROI and a higher designation standard? Look to DMW, home of the Action Brand™ – we’re just a click or call away.