SOC 2 for Construction Software Users

SOC 2 Primer and A Challenge For Construction Software Providers

Moving our data to cloud-based systems gives us many benefits we’re all needing right now to keep pace with workflow – streamlined collaboration, real-time information, and connected systems to reduce data reentry and transfer. As we decide what systems to trust our critical data with, we need to add one more requirement to our list: data security. Surprisingly few construction software providers tout their data security, and it’s because very few of them are SOC 2 certified.

All cloud-based systems are inherently vulnerable to hacking, data mangling, inappropriate transfer, and other security risks that become revenue, operational and litigation risks if a breach occurs. Companies that trust without question a software provider’s security practices are bound to be rudely surprised at some point. We want contractors to understand that a software is not necessarily developed to best-practice security and development protocols unless it is SOC 2 certified. In fact, a SOC 2 certification is the only official third-party verification of security. Without the certification, it is very difficult for a company to know the security standards a software it is using is developed to. SOC 2 certification is not a panacea or guarantee against security breaches, but it is the only existing mechanism to prove due diligence on both the part of the software company and the contractor.

Relay takes our clients’ data security needs very seriously and has committed substantial time and resources to offer them best-in-class security practices. We understand our clients’ data is business-critical and confidential and treat it as such. Please read Relay advisor Jay Snyder’s recent primer on SOC 2 to learn more.

‍