Introduction
3Floorsup Pty Ltd ("3Floorsup") provides Maintainly maintenance management software on a software-as-a-service basis. No portion of the software is provided as custom software, nor is it hosted in a custom environment for any one customer.
SOC 2 (Service Organization Control 2) is a set of compliance standards established by the American Institute of Certified Public Accountants (AICPA). It focuses on the security, availability, processing integrity, confidentiality, and privacy of data managed by service providers. Compliance with SOC 2 generally suggests that a service provider has appropriate controls in place to protect the data of its customers.
This document explains 3Floorsup's approach and status as they relate to SOC 2 compliance.
SOC 2 status
Due to the simplified nature of the data being transacted in Maintainly software, including very minimal Personally Identifiable Information ("PII"), 3Floorsup has elected not to be SOC 2 compliant at this stage.
3Floorsup's policy is to:
Minimise, wherever possible, the amount of PII data that is held;
Minimise, wherever possible, the collection of other sensitive data;
Utilise trusted sub-contractors to provide server and content delivery-related security;
Implement robust internal data protection policies and procedures appropriate to the scope and nature of the data that is being collected.
The Maintainly product infrastructure enforces multiple layers of filtering and inspection of all connections throughout the platform. Network-level access control lists are implemented to prevent unauthorised network access to our internal product infrastructure.
Firewalls are configured to deny, by default, any network connection that is not explicitly authorised, and traffic monitoring is in place for the detection of anomalous activity.