Security: InnovaSafe’s system has controls in place to protect against unauthorized access (both physical and logical).
The security principal requires service organizations to have in place highly formalized and documented policies, procedures, and processes. More specifically, it means having documentation stating the policies, and then actually having personnel undertaking the stated procedures. Ultimately, this mandates that service organizations put in place a large number of information security and operational policies, procedures, and other supporting documentation. There are two types of SOC 2 reports: Type I and Type II.
The Type II report is issued to organizations that have audited controls in place and the effectiveness of the controls have been audited over a specified period of time. The Type I report is preliminary to the Type II report and is based on the ability to test and report on design. Type I reports are issued to organizations that have audited controls in place, but have not yet audited the effectiveness of the controls over a period of time.