Third-party audit of organizational procedures, policies and controls provides BDI customers with expert assurances regarding the security of BDI’s production and network systems.
Los Angeles, CA (August, 2019)
We are pleased to announce the successful completion of BDI’s annual Service Organization Control (SOC) 2 Type II audit review (audit performed by Marcum, LLP). The audit results demonstrate our commitment to the highest standards for security, privacy and service support available in our industry.
The AICPA’s SOC examination guidelines, and the resulting Independent Service Auditor Report, provide detailed information about BDI’s security policies and offer assurance in our ability to protect your organization’s vital information.
What Are Service Organization Control (SOC) Reports?
The American Institute of Certified Public Accountants (AICPA) publishes Service Organization Control (SOC) guides for auditors to utilize when reporting on controls at service organizations.
SOC 2 is based on AT Section 101 of the AICPA professional standards. A SOC 2 report examines controls at a service organization relevant to the security, availability, or processing integrity of a system or the confidentiality or privacy of the information contained in the system. These audits are based on the Trust Service Principles, Criteria and Illustrations established jointly by the AICPA and the Canadian Institute of Chartered Accountants (CICA). A SOC 2 report is intended for existing customers and their auditors, not potential customers or the general public.
SOC TYPE I And TYPE II Reports
In any SOC engagement, the auditor provides a Type I or a Type II report. Type I reports document an auditor’s opinion regarding the accuracy, completeness and suitable design of an organization’s controls as of a set date. Type II reports audit the implementation of these controls over a set period of time, typically 6 months to a year, with sample testing of each control’s operating effectiveness during the defined period.
AICPA Interpretation on Certification
BDI completes its SOC 2 Type II audit review annually. According to the AICPA, there is no “Certified” designation.
As always, look for new information to be posted and referenced on our website or contact us directly if you have any questions. Our customers can access security documents directly through their BDI customer portal.
Secure File Transfer
Secure, confident handling of proprietary client data is our first priority. BDI is SOC 2 Type II compliant and stands vigilant in supporting the technology, practices and policies required to ensure that our security and productivity frameworks are efficient, reliable and well-tested.
Production files are typically “pushed” by our customers, allowing us to assign files to specific jobs or workflows based on customer instruction. On this path, we track file associations (and more), enabling “triggered” production processing at a rapid and confident rate. BDI also supports Secure FTP protocols according to client requirements.
ClientConnect – Next Generation Online Job Submittal
Our ClientConnect platform extends client control of instructions for scheduled production, print orders and more. A customer can submit job-specific details and apply them to a scheduled job. Once a job is approved by the customer for production, it is queued for automated processing, pending only final production files. The following are a few of the primary functions:
- Electronic file submission
- Job instructions
- Press print requests
- Job sampling, reporting and approval
- File download for archives and more
This flexible workflow approach has allowed BDI to become one of the fastest, most reliable document composition companies in the U.S. ClientConnect extends and strengthens our ability to meet critical service levels for jobs of all sizes and complexity.
Secure Building
Document processing is performed in workspaces with layered, secure access at all encroaching doors. Building entrances are pass-key activated for entry by BDI employees only. All other entry is scheduled and escorted. Shipping and receiving areas are isolated and monitored at all times.
Electronic Monitoring
An electronic surveillance system with over 3 dozen cameras records activity on a 24-hour basis. Employee movement is monitored via access cards throughout the facility.
Background Checks
All employees undergo routine background checks as part of their employment. This includes investigation for criminal activities and drug violations, as well as past employment verification.
Access Rights
Different levels of security access are assigned to employees on a “need-to-access” basis. Their activities are limited based on the principle of least privilege and the minimum access required for business purposes.