gaiia is SOC 2 Type II… Why SOC 2 certification matters for your OSS/BSS

February 6, 2025

We know that gaiia’s platform is a core part of ISP operations, and we are committed to maintaining the highest security standards for our products and services. That’s why gaiia has received a SOC 2 Type II attestation. Achieving this standard with an unqualified opinion serves as third-party industry validation that gaiia provides enterprise-level security for customers’ data secured in the gaiia system.

gaiia was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SaaS companies worldwide. An unqualified opinion on a SOC 2 Type II audit report demonstrates to gaiia’s current and future customers that we manage our data with the highest standard of security and compliance.

gaiia supports the security, availability, and confidentiality criteria, and also adheres to data privacy requirements through GDPR, which are stricter than the SOC 2 privacy criteria. gaiia will undergo annual audits to ensure that we continue to meet the requirements of SOC 2 Type II compliance. 

“Achieving this very important milestone proves to our customers and partners that we do the right thing as an organization to ensure the security, confidentiality, and availability of our customers’ data.” - Olivier Falardeau, Chief Technology Officer, gaiia

Understanding SOC 2 compliance

Data security should be a top priority for any organization. High profile data breaches are frequently in the news, and they damage company reputations, erode customer trust, and can lead to serious legal consequences.  

Protecting customer data is paramount for ISPs, and SOC 2 certification is a way for organizations to demonstrate and maintain data security. SOC 2 is a security framework that defines how an organization should secure customer data and protect it from unauthorized access, breaches, and cyberattacks. 

SOC 2 is one of the highest standards that software companies can achieve for customer data security. Organizations design and implement internal controls to comply with the SOC 2 criteria. 

SOC 2 is based on five Trust Services Criteria:

  • Security
  • Privacy
  • Availability
  • Confidentiality 
  • Processing integrity

In order to become SOC 2 compliant, a vendor must complete an independent, third-party audit that demonstrates it has implemented processes that protect systems and data. The security criterion is always included as part of a SOC 2 audit, while the other four criteria are optional depending on the organization.

The difference between type I and type II

There are two types of SOC 2 audits, type I and type II. Type I evaluates a company’s security controls at a point in time to understand if the controls are created correctly. A type II audit evaluates how those security controls function over a period of time, usually 3-12 months, to determine if the controls work as they are supposed to.

A SOC 2 type II report offers strong assurances to customers that a vendor not only has appropriate security protocols in place, but that they are maintaining that security for the long term.

Importance of SOC 2 compliance in telecommunications

The telecom industry operates under strict regulations for managing data security like the General Data Protection Regulation (GDPR) in the EU or the Federal Communications Commission (FCC) rules in the U.S. SOC 2 compliance helps provide an additional layer of data protection and privacy for telecom companies, alongside legal regulations. 

Telecom companies often work with multiple vendors and service providers and SOC 2 compliance provides assurance that data and systems are secure, building credibility and trust.

Enterprises often need to conduct vendor risk assessments. A SOC 2 certification simplifies this process, as it serves as an independent validation of the vendor’s security and operational controls. In a competitive market, this can influence purchasing decisions, especially for enterprise clients with high security expectations.

Why you should choose a SOC 2 compliant OSS/BSS vendor

Security should be a crucial part of your criteria when evaluating an OSS/BSS vendor. Many OSS/BSS solutions are now cloud-based or involve SaaS models. SOC 2 certification is particularly relevant in cloud environments because it proves a commitment to high standards of data security and that the system is resilient to failures, which helps ISPs to build trust with their customers and partners. 

OSS/BSS platforms handle large volumes of sensitive customer and operational data, including billing, account management, and network operations. It is essential that your customers know that their data is being handled securely and that their privacy is protected. 

SOC 2 certification ensures that this data is protected against unauthorized access, breaches, and cyberattacks.

Your OSS/BSS platform is a core part of your business operations and needs to operate 24/7 with no interruptions. If the system is down, you risk losing revenue and disappointing your customers. 

Using a SOC 2-certified vendor reduces the risk of operational disruptions by including principles for system availability, business continuity, disaster recovery, and data backups. For businesses relying on OSS/BSS solutions to manage critical operations, this risk reduction is invaluable.

Ask for a vendor to provide their SOC 2 Type II report as part of your evaluation process.

gaiia security and compliance FAQs

Is SOC 2 compliance mandatory? 

SOC 2 is not a mandatory process. Once an organization has obtained their SOC 2 report, they will typically go through an audit annually to maintain their report status. 

Is gaiia SOC 2 compliant across the Trust Services Criteria?

Security is the only Trust Services Criterion that is required for SOC 2 compliance, and this is where many companies stop. gaiia exceeds this standard, and is compliant in the security, availability, and confidentiality SOC 2 criteria. We also adhere to regional privacy requirements such as GDPR, CCPA, and Law 25. Achieving these three criteria demonstrates our commitment to the highest level of security.

Can I see gaiia’s SOC 2 report? 

Every company that completes a SOC 2 audit receives a report. gaiia’s report is available by requesting access using the form found here.

How else is gaiia monitoring security and compliance?

gaiia is continuously monitoring our overall security posture. You can see documentation of gaiia’s complete compliance state against global standards including certifications, attestations, and audit reports.
