Scribbles Software Partners With Lazarus Alliance for AT-101 SOC 2 Report

Lazarus Alliance AT-101 SOC 2 reporting services

Scribbles Software has partnered with Lazarus Alliance to release an independent AT-101 SOC 2 report attesting to comprehensive information security policies and controls.

Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, announces its partnership with Scribbles Software, developers of ScribOrder, a cloud-based records management solution for K-12 schools. Lazarus Alliance will guide Scribbles Software through the rigorous AT-101 SOC 2 attestation reporting process and help the company design and implement internal cyber security policies and controls.

The Service Organization Control 2 (SOC 2) report is part of the AICPA SOC reporting framework. SOC 1 reports address financial reporting controls and utilize the well-known SSAE 16 attestation standard. Conversely, SOC 2 addresses non-financial reporting controls and utilizes the AT-101 professional standard. SOC 2 was designed to fit the reporting needs of SaaS providers and other technology-driven service organizations, whose clients may not rely on reported controls for financial reporting purposes but depend on the service organization's ability to maintain the highest levels of data security. The SOC 2 supersedes the previous SAS 70 report and, as customers become increasingly concerned about data security, it is enjoying rapid adoption by technology service providers.

An independent audit of data security procedures and controls is crucial for all technology service organizations, especially in heavily regulated industries such as education, where Scribbles operates.

Michael Peters, CEO, Lazarus Alliance

"An independent audit of data security procedures and controls is crucial for all technology service organizations, especially in heavily regulated industries such as education, where Scribbles operates,” said Michael Peters, CEO of Lazarus Alliance. “The ScribOrder product is used to process and store K-12 students’ personal data. Child identity theft is a constant worry in the education industry, and schools need to be assured that their records management software employs the highest levels of data security. By issuing an SOC 2 report, Scribbles is demonstrating that the security of their clients’ data is their top priority.”

An SOC 2 report demonstrates that an organization has been independently assessed regarding one or more of the five AICPA Trust Services Principles of security, availability, processing integrity, confidentiality, and privacy. The report outlines the organization’s system, the suitability of its design, and the operating effectiveness of its controls.

"Scribbles Software handles hundreds of millions of sensitive records for K-12 school districts and other educational institutions. As such we take data security extremely seriously. In an effort to ensure that we meet the standards, we have chosen Lazarus Alliance to handle our SOC 2 audit. We realize that this endeavor is not a one-time effort, so we look forward to our ongoing relationship with Lazarus Alliance as we continue to strive to exceed the SOC 2 standards," said Ron Christian, Managing Partner, Scribbles Software.

A SOC 2 attestation also requires the service organization to establish specific written information security policies and procedures. Lazarus Alliance is helping Scribbles develop cyber security policies in accordance with SOC 2 using the Continuum GRC IT Audit Machine (ITAM), a RegTech software solution that automates governance, risk, and compliance.

“SOC 2 reports can be tricky,” explained Peters. “Not all components of the SOC 2 apply to every organization. The ITAM’s built-in SOC 2 modules take a lot of the complexity out of the process and save our clients time, hassle, and money.”

Source: Lazarus Alliance

Share: