Carousel Digital Signage has achieved SOC 2 Type 1 and Type 2 compliance for its Carousel Cloud software. Issued by the independent CPA firm Boulay PLLP, the SOC 2 audit reports confirm that Carousel has implemented the appropriate internal controls to protect customer data delivered to digital signage end points in the cloud.
Recommended for SaaS and cloud computing environments, SOC 2 outlines requirements for safeguarding customer data based on the five trust services criteria for security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type 1 report evaluates the design of security controls at a point in time, while a SOC 2 Type 2 report attests to the operating effectiveness of the controls over a period of time. Carousel Digital Signage achieved Type 1 status as of January 31 and successfully completed its first Type 2 assessment period ending on April 30.
Carolyn Korchik, director of information security and compliance for Carousel Digital Signage, says that offering a SOC 2 report not only validates the security of the Carousel Cloud platform, but it also removes the security fact-finding and operational burdens for new and existing Carousel Cloud customers.
“SOC 2 provides a standards-based framework that is widely accepted in the IT industry, so it simplifies the due diligence and vetting process that end users would otherwise need to endure on their own to ensure proper data handling,” said Korchik. “We save customers time, money, and resources by incorporating SOC 2 principles into everything we do – and then confirming it through third-party assurance. This improves the Carousel Cloud experience for all users, allowing them to focus on their content and digital signage initiatives.”
Korchik led the charge for both compliance achievements, working carefully to actively monitor security related procedures and controls and collect evidence for auditor evaluation. Along the way, Korchik and her team conducted gap assessments and revised policies and procedures to grow and mature Carousel’s information security program and ultimately meet SOC 2 compliancy standards. For her, the process was a labor of love that benefitted from her experience in audit, compliance, loss prevention and physical security working for large household name brands such as Lyft and Target.
“Security is an area that provides a unique opportunity for everybody – including competing digital signage suppliers – to openly collaborate to make sure we are all striving to follow best practices to ensure we are appropriately protecting our customers,” added Korchik. “As SOC 2 requires an annual review process to maintain compliance, Carousel will continue to make investments in this area to ensure the highest level of security and compliance and build and maintain trust with our customers.