01/14/2021

Power Factors Receives SOC 1 Type II and SOC 2 Type II Attestation Reports

These reports demonstrate that our internal controls have been assessed by an independent audit firm and that we are compliant to industry standards when it comes to safely and securely handling our customers’ data.

Power Factors Receives SOC 1 Type II and SOC 2 Type II Attestation Reports

by Power Factors

As a company that is deeply committed to the security of customer data, Power Factors is pleased to announce we’ve received our SOC 1 Type II and SOC 2 Type II attestation reports. These reports demonstrate that our internal controls have been assessed by an independent audit firm and that we are compliant to industry standards when it comes to safely and securely handling our customers’ data.

What is a SOC report?
SOC stands for Service and Organization Controls. SOC audits measure how a service organization handles customers’ data using a set of standards outlined by the American Institute of Certified Public Accountants (AICPA). SOC reports are the result of rigorous independent audits and are a key indicator that a service organization has been proven to have the necessary controls in place around data security.

Charlie Driscoll, Director of Cloud Operations and Chief Information Security Officer said, “I’m happy to announce that we’ve successfully received both our SOC 1 Type II and SOC 2 Type II reports for 2020. This represents another step forward for Power Factors as we continue to mature and demonstrate our commitment to security. Moving forward, Power Factors will continue to issue both SOC 1 and SOC 2 reports on a yearly basis.”

What is the difference between SOC 1 and SOC 2 and Type I and Type II reports?
A SOC 1 report deals with financial controls whereas a SOC 2 report focuses on security controls. Each report can be issued as a Type I or Type II report. A Type I report simply demonstrates that an organization’s internal controls are properly designed. A Type II report takes it a step further, demonstrating that an organization’s controls operate effectively over a period of time (usually 6-12 months). For this reason, Power Factors has chosen to pursue Type II reports to ensure our controls are operating effectively at all times.

Why does Power Factors pursue a SOC 1 report?
As noted above, a SOC 1 report provides detailed information and assurances that customers’ financial information is being handled properly. The Power Factors Drive platform is used to collect revenue grade meter data. Therefore, it is imperative that the Power Factors Drive platform properly handles this data as it is often used for billing. The SOC 1 Type II report tested controls around three main criteria:

  1. To ensure that sites (and the revenue grade meter data associated with them) are properly onboarded in a repeatable and accurate manner
  2. To ensure that automated curation and validation calculations for revenue grade meters are accurate and in accordance with internal standards
  3. To ensure that output from revenue grade meter data is complete and accurate regarding end user consumption via reports, tabular models, external APIs, and the website

Why does Power Factors pursue a SOC 2 report?
A SOC 2 report covers the effectiveness of an organization’s cloud and data center security controls. Our customers rely on the Power Factors Drive platform to help them drive critical business outcomes using data from their clean energy assets. As a cloud-based SaaS platform, we hold ourselves to the highest standards when it comes to keeping our customers’ data secure while remaining accessible to those with the required permissions.

Our SOC 2 Type II demonstrates compliance in the following trust service categories: Security and Confidentiality. The Security category includes several criteria, such as: risk management and mitigation, logical and physical access controls, change management, and monitoring activities. The Confidentiality criteria ensures that data is properly classified, secured, and disposed of to ensure data is properly managed throughout its lifetime.

How can I access the reports?
Yearly SOC 1 and SOC 2 Type II audits are one of the ways we show our commitment to ensuring our customers’ data remains confidential and secure. If you’re a current or prospective Power Factors customer and wish to view the reports, you can request a copy from your customer success manager or sales representative. 

Interested in learning more about Power Factors Drive platform? Contact us.

Back to news & insights