Provide SSAE SOC2 reports for PI Cloud Connect and OSIsoft Cloud Services
Prior to be able to adopt PI Cloud Connect, many of our customer cybersecurity teams request OSIsoft to provide SSAE SOC2 cybersecurity audit reports. Currently OSIsoft does cybersecurity audits, but these are not specifically SOC2 audits. This is a request to provide these audits that better fit into the industry trend seen at our customer base.
SSAE SOC2 reports do not assess the cyber security controls of a company but are used for an attestation of financial fitness. OSISoft should be providing SOC2 Type 2 reports on their Cloud Service and not redirecting people to Microsoft Azure Compliance reports. While Microsoft is acting as a cloud provider to OSISoft, Microsoft does not have a contractual responsibility to OSISoft customers. For example, Microsoft is not responsible for the patching of OSISoft applications built on the PaaS service they are obtaining from Microsoft.