Merrill Corporation (www.merrillcorp.com), a global provider of secure content sharing, regulated communications and disclosure services, today announced the successful completion of the Service Organization Controls (SOC) 2 Type 2 attestation report, with no exceptions, based on an extensive audit of the company’s security and compliance controls including its policies, guidelines and processes around data security and confidentiality. The audit was conducted by Wipfli, a leading accounting firm and provider of SOC 2 audit services.
According to the American Institute of Certified Public Accountants (AICPA), SOC 2 reports are intended for a broad range of corporations that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. The SOC 2 attestation audit for Merrill was conducted from January 2016 through December 2016, focusing on more than 100 assessed controls, including its multiple product platforms. On an ongoing basis, Merrill takes proactive measures to ensure the confidentiality and integrity of its information systems.
“The lengthy and comprehensive SOC 2 Type 2 audit process represents yet another layer and level of commitment to the continued tracking and enhancing of our information security controls,” said Michael Musto, Merrill’s Chief Security Officer. “Aligning detailed security controls to all of our business processes is critical to sustaining the highest level of protection for sensitive customer information.”
“Data security and confidentiality are of critical importance for our customers and the marketplace in which we operate,” said Rusty Wiley, Merrill’s President and Chief Executive Officer. “The successful completion of the SOC 2 attestation audit is a tangible demonstration of Merrill’s unrelenting commitment to customer data security, and a validation of our technology platform and controls. We’re pleased with the results and outcome, and have made a commitment to conducting an annual SOC 2 review of our data security policies and procedures to help ensure that we remain in compliance. By taking these proactive steps to receive this certification, we’re providing our customers even greater assurances regarding the integrity of our security and non-financial controls, and saving them time and resources in having to do their own due diligence.”
About Merrill Corporation
Merrill Corporation provides technology-enabled platforms for secure content sharing, regulated communications and disclosure services. Clients trust Merrill’s innovative applications and deep subject expertise to successfully navigate the secure sharing of their most sensitive content, perfect and distribute critical financial and regulatory disclosures, and create customized communications across stakeholders. With more than 3,000 people in 34 locations worldwide, clients turn to Merrill when their need to manage complex content intersects with the need to collaborate securely around the globe.