Awair Achieves SOC 2 Type 2 Compliance

As Awair continues to make enhancements in security, SOC 2 Type 2 Compliance is the next phase in our process. The final report will be available during the first week in April. 

Importance of Type 2 

Since Awair’s founding, we have continued to pursue top-level data security practices. We want our customers to have peace of mind when they think about the privacy of their indoor air quality (IAQ) data. It should be available to those managing the buildings (employers, landlords, facilities, etc.) and the people accessing them. Sharing data, however, should not put other internal systems at risk. This is where SOC 2 Type 2 Compliance comes in: it details how companies, like Awair, safeguard company data and how well those controls are operating. 

An independent auditor, Barr Advisory, conducted an audit of our servers and systems based on the standards and five trust principles set by AICPA. They will perform the audit annually and work with several large-scale technology companies, including SHI, Enseva, and C2FO. 

Thanks for a collaborative effort, we have achieved compliance in the following areas: 

1. Security - Protection of system resources against unauthorized access.
   
   
2. Availability - Accessibility of the system as stipulated by the contract.
   
   
3. Processing integrity - Addresses whether or not a system achieves its purpose. Data processing must be complete, valid, accurate, and timely and authorized.
   
   
4. Confidentiality - Data access is restricted to a specific set of people.
   
   
5. Privacy - Addresses the system’s collection of personal information. 

Continuous Monitoring 

We will continue to secure SOC 2 Type 2 reports on an ongoing basis, as well as perform penetration testing (pentesting) and support single sign-on (SSO). A copy of Awair’s SOC 2 Type 2 report is available to both prospective and current customers upon request.