SOC 2 Compliance: Implementing Stronger Access Controls to Protect Customer Data


In this month's "Print Secure" feature, Roger Lauger, chief administrative officer at TEAM Concept Printing, talks about the company's journey through the SOC 2 certification process and the steps it's taken to improve data security protocols. SOC 2 focuses on five key pillars: security, availability, processing integrity, confidentiality, and privacy of customer data. This is Lauger's third discussion with Printing Impressions on the topic of SOC 2.
Refresh our readers on what prompted TEAM Concept Printing to pursue SOC 2 certification and how it aligns with your overall business strategy?
Roger Lauger: At TEAM Concept Printing, we’ve always been committed to maintaining the highest standards of data security, especially as the printing industry becomes increasingly digital. We recognized that our clients are handling sensitive data and that ensuring the confidentiality, availability, and security of that information is critical. Pursuing SOC 2 was the next logical step in demonstrating our dedication to these standards and reassuring our customers that their data is protected. It aligns with our broader philosophy of building trust and delivering excellence in everything we do. From the standpoint of our customer’s experience, they want it as well and want to align with a commercial printer who is taking it seriously.
With regard to the data security phase of SOC 2, what were some of the first actions you took to pass the certification?
Lauger: The first step for us was conducting an internal audit to assess where we stood in terms of data security protocols. We identified areas that needed improvement, such as access controls and data encryption practices. We then worked with an experienced third-party auditor to help guide us through the process. We broke the audit into data encryption, access, data transit and employee awareness. It really gave us a good idea of where we stood. This audit took about one month.
How did you implement stronger access controls to ensure that only authorized personnel could access sensitive customer data?
Lauger: Fortunately for us, access controls were one of our stronger practices. Of course, we can improve on it, but we scored very well here. We enhanced our role-based access control (RBAC) system, ensuring that employees only had access to the data necessary for their specific roles. We also implemented multi-factor authentication (MFA) for all critical systems to add an extra layer of security. We added in an extra layer of regular audits to ensure that access permissions were up to date and aligned with the current responsibilities of team members. Although we were strong here, these enhancements will help TEAM minimize the risk of unauthorized access and will strengthen our overall security posture.
What role does data encryption play in TEAM’s security strategy, and how have you ensured its implementation?
Lauger: Data encryption is a core aspect of SOC 2. We made it a priority to ensure that all sensitive customer data is encrypted both at rest and in transit. For data at rest, we use strong encryption algorithms to protect stored information on our servers and in backups. For data in transit, we implemented secure protocols like HTTPS and TLS to safeguard data while it’s being transmitted over networks. We have retained an independent third party to help us conduct regular reviews and updates of our encryption methods. The extra layer of support helps TEAM keep up with evolving security standards.
How has SOC 2 certification affected TEAM Concept Printing's relationship with clients?
Lauger: Passing the first phase of SOC 2 certification has strengthened our relationships with customers. It provides them with the assurance that we’re taking the necessary steps to protect their sensitive data. Our healthcare, finance, and legal services customers are very pleased with this. For many of them, SOC 2 certification is becoming a requirement. Our long-standing customers are positive, but they have come to expect that we will go above and beyond to do what is right by them and their end users. I believe it has been just as good for our production specialists and CSRs as a proud moment for them. They see us raising our game and are pleased to play a part in it.
What advice would you give to other printing companies considering the SOC 2 process to improve their data security protocols?
Lauger: Patience, organization and communication are three virtues and skills that are needed. It takes time and knowing how the customer will benefit and how the business will benefit is crucial. Fortunately, our Founder Tony Rouse is committed to investing in the business because it is the right thing to do. From an organization and focus standpoint our TEAM dedicates set blocks of time each week to follow through on the steps and communicates consistently with each department.
Looking ahead, what’s the next topic for TEAM Concept Printing in terms of the SOC 2 Journey?
Lauger: Securing physical space and building security protocols is the next step of the process. At TEAM we have over 50,000 square feet of space with multiple production departments, delivery bays and multiple entry points, so it is a complex setup. My colleagues Terry Wiersma and Mike Stone really owned that part of the process, so we will get their perspective.
TEAM Concept Printing’s dedication to enhancing its data security protocols through the SOC 2 certification process underscores their commitment to safeguarding customer information. From implementing stronger access controls to ensuring data encryption at every level, TEAM’s proactive approach to data security has earned them the trust of their clients and set a strong foundation for continued success in the digital age. To learn more about TEAM Concept Printing visit them at www.teamconceptprinting.com
The preceding content was provided by a contributor unaffiliated with Printing Impressions. The views expressed within may not directly reflect the thoughts or opinions of the staff of Printing Impressions.