Over the course of the next several months, TEAM Concept Printing will share its journey to become SOC 2 compliant. In this first edition of the blog series, Tony Rouse, president and CEO of the Carol Stream, Illinois-based company, shares some key information about why the company is seeking the certification, how to begin the process, and some of the common challenges.
From a commercial printer’s perspective, describe what SOC 2 compliance is all about and why the designation is important for TEAM Concept Printing?
Tony Rouse: SOC 2 compliance is a certification that validates a company's ability to keep customer data secure. It sets standards for how sensitive information should be handled, stored, and protected. For commercial printers, it is especially important as they handle confidential information such as financial documents, legal contracts, and personal data. By obtaining SOC 2 compliance status, a commercial printer can assure their clients that their data will be safe in their hands.
At TEAM we decided to start the SOC 2 process because we realized it would open many new opportunities with our larger-scale corporate customers. They are looking for providers who can demonstrate the commitment to their customers’ data.
When did SOC 2 certification start to come up on your radar?
Rouse: We were aware of the process and the benefits of SOC 2 pre-Covid. The challenges Covid presented us delayed the implementation. Fast forward two to three years post-Covid and we decided to take the leap. Our larger clients stated that SOC 2 is what separates the top 1-2% of printers from the rest of the industry.
What steps should a commercial printer take to begin the process of obtaining SOC 2 compliance status?
Rouse: Step one is to have the right person to drive the certification and own the entire process. The two-phased process can take over 18 months. So having someone who has a long-term mindset and commitment to your company is critical. The amount of organization it takes is incredible. At TEAM, the senior manager we identified is Roger Lauger. He has been with us for more than 15 years and has managed other complex projects before as well.
The next step is to conduct an internal assessment to identify any gaps in security processes and procedures. This could include evaluating access controls, data encryption methods, and employee training programs. Once these gaps are identified, the commercial printer can start implementing necessary measures to address them. It is also recommended to seek guidance from a consulting firm experienced in SOC 2 compliance, as the process is complex and overwhelming.
How long does it typically take for a commercial printer to become SOC 2 compliant?
Rouse: The time frame varies depending on the size of the company and their current security measures. On average, it can take anywhere from 12-18 months to achieve SOC 2 compliance status. It is a two-tier approval process and we are currently approved for Type 1. However, it is important for companies to prioritize security practices and continuously improve even after obtaining the certification.
Are there any specific challenges that commercial printers may face during this process?
Rouse: One potential challenge could be the cost of implementing necessary security measures. However, this should be seen as an investment in the long-term success and reputation of the company. It is definitely an investment that can run well above $100,000 to make it to the Type 2 level of certification. I can understand why many printers shy away from it.
Another challenge could be adjusting to new policies and procedures, but with proper training and communication, these changes can be smoothly implemented.
Any final thoughts or advice for commercial printers considering obtaining SOC 2 compliance status?
Rouse: I would highly recommend it. In today's digital landscape, data security is a top priority for businesses and clients. By obtaining SOC 2 compliance status, commercial printers can demonstrate their commitment to protecting sensitive information and stand out in the industry. It may seem like a daunting process, but in time we see that the benefits will far outweigh any challenges that may arise. Plus, it shows your clients that you take their privacy seriously and are willing to go above and beyond to ensure their data is safe in your hands.
I also believe the SOC 2 process provides a great exercise for leadership teams to refine their craft and commit to not getting complacent. It is like the old adage, “if you are not getting stronger, you are getting weaker.” We want things like SOC 2 to push us to get stronger. We have been through FSC certifications, Health & Safety and the G7 Master Printer process and they all have made us better and our customers appreciate us for that.