11 March 2020
MHR renews sought-after SOC 2 accreditation
MHR has announced completion of its Service Organisation Controls (SOC 2) assessment, earning Type 2 compliance for the third year running.
The prestigious SOC 2 report, audited by KPMG, is now available for purchase by MHR customers, gaining them maximum assurance of the best possible security controls for the processing of their data.
The sought-after certification is one of a catalogue of other security certifications held by MHR including ISO 27001 and CiSP membership.
The areas of data control included in the certification cover the following criteria:
- Organisation and Management
- Communication
- Risk management, design and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations
- Change management
“Compliance with important industry regulations is a core value across the MHR Group, both for our customers as we support their compliance and regulatory needs and also in the way we operate internally,” said Anton Roe, CEO at MHR.
“To maintain our reputation as a leading HR technology provider, data security and privacy must remain one of our top concerns as we process and control vast amounts of data belonging to our growing customer base,” he added.
“The SOC 2 Type 2 accreditation is ultimately about establishing the trust we built among customers over 35 years as a leading IT supplier, which we have earned by delivering services to the best possible standards, and by transparency about our operations and risk management, verified through real measurement and independent audit.”
“To achieve the certification, MHR addressed more than 200 evidenced Points of Focus against report criteria, evidencing a vast number of controls requiring testing by KPMG. This required us to allocate significant resources into this area in 2019, so we are delighted that the results are a success.”
“For our customers, the report provides a high level of due diligence and reduces the requirement for onsite audits and vendor risk questionnaires, while providing an added level of assurance for regulators and supervisory bodies.”