Security

We have implemented a comprehensive, robust, and all-inclusive Information Security Program. The program ensures that we are secure in our people, our processes, and our technology. We execute the ISP every day, at every level of the organization, and within every technology that we utilize.

To prove that we are secure, LENA maintains Type II SOC 2 compliance and is audited yearly by a third-party firm.

Having a regular audit ensures we update our Information Security Program yearly and that we are, in fact, following our own standards. The audit also ensures that our software development processes are safe and that all changes to the LENA Online software or our IT infrastructure are vetted and approved by management.

What is Type II SOC 2?


SOC 2 is a set of standards created by the American Institute of Certified Public Accountants (AICPA) that is designed specifically for technology companies that provide online systems which store confidential information. SOC 2 requires that those companies establish and follow strict information security policies and procedures. Like a financial audit, a SOC 2 audit is performed by an independent auditor who produces an objective report.

A Type II SOC 2 audit certifies that a company has established and followed an information security program over a set period of time. This is the gold standard in SOC 2 auditing as it ensures that a company is “doing what it says” and requires proof of the same. SOC 2 audits usually occur annually.

Many experts consider Type II SOC 2 to be the best audit of a company’s ability to handle and secure confidential data. Its requirements are very similar to HIPAA, ISO 27001, FERPA, and many NIST standards.

What gets audited?

A SOC 2 audit is not just a technology audit; it is also a people, policy, and process audit.


LENA is audited on the security, availability, and confidentiality of LENA Online and on all the systems and processes the organization has in place to support LENA Online.

Supporting systems include all sorts of diverse components of our organization, such as the physical security of our office building, the safety of our internal computer network, and our human resources processes. Because each of these could directly or indirectly affect the security of LENA Online, they get audited too.

So not only does the audit look at “typical” Information Technology protections like encryption, firewalls, and backups, but it looks at how people are managing those protections, how we hire and train those people, how prepared we are for a data breach, and how well we monitor and look for anomalies.

Why is this important?

Depending on your organization or business, you may be required to provide evidence of LENA’s data protection. Or, you may just want peace of mind that LENA is protecting your data. LENA’s Type II SOC 2 report proves that your data is protected.

If you require a certain level of data protection, or require a certain cyber protection standard, please contact us. We have worked with many types of organizations to meet their security requirements and are happy to strategize with you.

For more information about LENA’s Type II SOC 2 compliance, please contact info@lena.org.