Clean Power Research cloud software services comply with Service Organization Controls standards for operational security, availability and confidentiality.
The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework to serve as a standard for controls that maintain the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.
Audits utilizing the SOC framework can be “SOC 1” or “SOC 2”. A SOC 2 audit examines a cloud service provider’s system based on the AICPA Trust Service Principles and Criteria. SOC 2 applies to Clean Power Research’s services.
At the conclusion of a SOC 2 audit, the service auditor delivers an opinion in a SOC 2 Type 2 report, which describes the service provider’s system and assesses the fairness of the service provider’s description of its controls. It also evaluates whether the service provider’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.
A SOC 3 report is a shortened summary of the SOC 2 Type 2 audit report. It is made available for users who want assurance about the service provider’s controls but don’t need a full SOC 2 report. A SOC 3 report can be conferred by the service auditor only in cases where the service provider receives an unqualified audit opinion for SOC 2.
Clean Power Research’s SOC 2 and SOC 3 Reports document Security, Availability and Confidentiality controls in place to support Clean Power Research cloud service operations and compliance.
The SOC reports cover the products and services in the PowerClerk, SolarAnywhere and WattPlan families with the exception of PowerClerk v1. PowerClerk v1 is the legacy version of PowerClerk; customers are no longer onboarded to this platform.
The external service auditor—the entity performing the audit and preparing the SOC reports—for Clean Power Research’s services is Moss Adams LLP.
Clean Power Research issues SOC 2 and SOC 3 Reports annually. For 2018, the reports cover the period from April 1, 2018 to June 30, 2018. For 2019 and beyond, the reports will cover annual periods. New reports are released in mid-September.
SOC 2 Reports are provided based on legitimate business need. However, before we are able to provide your organization with a SOC 2 report, you will need to enter into a specific, one-way non-disclosure agreement (NDA) with Clean Power Research. The SOC 3 report is a summary of the SOC 2 report and does not require an NDA.
The SOC 3 report is a shorter form summary that outlines how the audited Clean Power Research services meet the AICPA’s Trust Security Principles in SOC 2 and includes the external auditor’s opinion of the operation of controls.