Acuity Brands Inc. has completed the requirements for a Service Organization Control (SOC) 2, Type 1 Audit, covering the company’s website and distribution center platforms. The audit affirms that Acuity Brands’ policies, practices, procedures, and operations for the website and covered platforms meet the SOC 2 criteria for security and availability.
“Earning a SOC 2 report reflects Acuity Brands’ ongoing commitment to security,” says Jazib Frahim, vice president – Product & Application Security, Acuity Brands. “The assessment covers several key platforms that customers and our sales channels interact with often on a daily basis, providing them with a third-party assurance that Acuity Brands has appropriate information security controls in place.”
The scope of the SOC 2, Type 1 report covers Acuity Brands’ critical systems, applications, networks, development processes, human resources, and information assets as they apply to the handling of restricted information and development of the following:
- AcuityBrands.com is the primary marketing website for information about Acuity Brands and its products and solutions. Additionally, Distributor Channel Partners and OEM Customers can log into AcuityBrands.com to view price and availability (inventory information) for stocked products.
- Acuity Distributor Center (ADC) is a transactional website used by Distributor Channel Partners and OEM customers to interact directly with Acuity Brands systems and product information. The main features and functionality included in ADC are viewing product attributes and information such as amount of inventory on hand, printing and exporting product catalogs, placing online orders, viewing order status, and viewing and printing marketing information, as well as viewing or printing financial or transactional documents such as credit memos, invoices, packing slips and bills of lading.
- Electronic Data Interchange (EDI) is a technology used by many industries to communicate and share information electronically between systems. There are numerous EDI transaction types that can be enabled between vendors, Distributor Channel Partners or OEM customers and Acuity Brands.
SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization. Audits cover attributes relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. Developed by the American Institute of CPAs (AICPA). SOC 2 is an auditing procedure to ensure a service provider securely manages data to protect the interests of the organization and the privacy of its clients. Acuity Brands’ SOC 2 audit was conducted by the firm Maloney + Novotny.
For more information and inquiries about Acuity Brands’ commitment to conducting business with integrity, please go to Acuity Brands – Sustainability, Governance.
Be the first to comment on "Acuity Brands Completes Service Organization Control 2 Type 1 Audit"