Data protection is a major issue for businesses, particularly in a context where cyberattacks are increasing and regulations are becoming stricter. At Present, we have always placed security at the heart of our priorities. Today, we are taking a new step by obtaining SOC 2 Type 2 certification, a reference standard that attests to the reliability and compliance of our data management practices.

This certification is particularly important for our customers and partners, who must not only ensure the protection of their sensitive information, but also comply with the new obligations imposed by Law 25 in Quebec.

Why SOC 2 certification is essential
SOC 2 (Service Organization Control 2) certification is an internationally recognized standard that assesses how a company protects the data entrusted to it. It is based on five main principles: 

• Security: Implement strict controls to protect systems from unauthorized access. It includes measures such as firewalls, intrusion detection, and multi-factor authentication
• Availability: Ensure that services are accessible and operational at all times. It includes measures such as disaster recovery plans, backup procedures, and system monitoring
• Processing integrity: Guarantee that data is complete, valid, accurate, timely, and authorized. It includes measures such as quality assurance procedures, error detection, and data validation
• Confidentiality: Restrict access to data to authorized persons only. It includes measures such as encryption, access controls, and confidentiality agreements
• Privacy: Ensure that personal information is collected, used, retained, disclosed, and disposed of accordance with regulatory requirements. It includes measures such as data anonymization, consent management, and privacy policies.

UA changing regulatory context: Law 25 in Quebec 
Adopted in September 2021, Law 25 aims to modernize Quebec's legislative framework for the protection of personal information. It imposes new obligations on businesses, including:

• The appointment of a data protection officer.

• The obligation to report any breach of data confidentiality.

• The obligation to obtain clear and informed consent for the use of personal data.

• The implementation of security measures adapted to the sensitivity of the data processed.

The penalties provided for by Law 25 are severe: fines of up to $25 million or 4% of global annual turnover in the event of non-compliance. In this context, choosing a SOC 2 certified partner allows companies to demonstrate their commitment to these new requirements and to limit the risks related to data management.


A demanding process for trusted certification
Obtaining SOC 2 Type 2 certification is not a simple formality. It is a rigorous process that took place over 18 months and involved several key steps:

1. Analysis of existing practices: Initial audit to assess our security protocols and identify necessary improvements.
2. Implementation of reinforced controls: Access management, continuous monitoring of systems and incident response plan.
3. Independent audit: An external firm verified the compliance of our processes with SOC 2 Type 2 standards.
4. Validation and certification: After extensive testing, we officially received SOC 2 Type 2 certification.

“Obtaining SOC 2 Type 2 certification reinforces Present’s ongoing commitment to providing secure, reliable services that meet the highest industry standards,” said Marc Beaulieu, President of Present. “This achievement is the result of a collective effort involving our technical, governance and security teams, and we are very grateful to them.”

Secure your data with a trusted partner 

Cybersecurity and regulatory compliance are essential issues for any company today. By choosing a SOC 2 Type 2 certified provider, you ensure that your data is protected according to the highest industry standards.

Want to know more about our services and how we can help you secure your data? Contact us today.