MCNC Boosts Cybersecurity on NCREN

RESEARCH TRIANGLE PARK, N.C. (May 8, 2017) –MCNC, the non-profit owner and operator of the North Carolina Research and Education Network (NCREN), has successfully completed a Service Organization Controls (SOC) 2 Type II examination. Accountancy firm Assure Professional performed the rigorous audit of MCNC’s organizational security controls and processes.

The SOC 2 Type II standard not only defines what controls should be in place, but also verifies that MCNC is appropriately managing security risks and is a trusted partner serious about data protection and effective operations. For more than three decades, MCNC has been a leader in broadband connectivity and networking, placing high importance on securing customer data while operating a 2,600-mile fiber network across the state.

“We commend MCNC for taking the initiative to evidence that their control environment has been implemented successfully and is operating as intended,” said Juan Vargas, Senior IT Security Auditor, Assure Professional. “It is admirable for a company to provide this assurance to their users.”

The American Institute of Certified Public Accountants (AICPA) is the governing organization for SOC 2.

In 2012, MCNC achieved SOC Type I certification. Type I reports examine policies and procedures placed in operation at a specific moment in time. Type II reports are more comprehensive and designed for advanced IT service providers as systems are evaluated for a minimum of six months to a year. Organizations that undergo this independent review and achieve this level of certification by meeting very stringent requirements have proven that its entire system is designed to keep its customers’ sensitive data secure.

“In today’s cyber environment where third-party vendor risk is at an all-time high, it is imperative that customers look for solutions that can provide baseline security controls for the protection of their data," said Maria Thompson, State Chief Risk Officer with the N.C. Department of Information Technology, noting that NC DIT requires all state agencies to certify the facilities housing state data are appropriately secured. "Understanding that there is no 'silver bullet', a SOC 2 Type II certification is an industry best practice designed to identify organizations that can best meet the trust principles.”

MCNC Director of Security and Chief Security Architect Chris Beal explained that securing an organization’s networking infrastructure requires employees and institutions alike to proactively manage and protect personal and organizational assets. He says MCNC manages security threats and responses in the context of business risks and continues to strengthen its ability to rapidly detect and respond to security threats on NCREN.

"MCNC recognizes the increasing importance of ensuring our services are secure and resilient in the face of cyber threats," said Beal. "The SOC 2 Type II standard sets a clear bar for appropriate security and risk management practices, and then goes a step further to ensure the right controls are in place, signifying our commitment to operating a secure data center."

MCNC employs an experienced team of engineers to efficiently run and manage its data centers. MCNC’s 5,000 square-foot data center in Research Triangle Park is SOC 2 Type II compliant. MCNC also has a data center presence at the Pisgah Astronomical Research Institute (PARI) in Rosman that has more than 1,500 square-feet, raised-floor space in a building constructed to stringent U.S. Department of Defense standards.

"From basic broadband to advanced services for experimental networks, MCNC is instrumental in connecting millions of North Carolinians with reliable and forward-thinking technology solutions," said Jean Davis, MCNC President and CEO. “This extensive effort to validate our security protocols and procedures further demonstrates our commitment to our customers with a structured approach to risk management.”

MCNC offers colocation, data protection, and managed hosting within its data centers. MCNC’s Network Operations Center (NOC) staff and Client Network Engineers (CNE) offer a range of expertise from the most basic managed hosting services to more advanced performance monitoring, digital diagnostics, architecture assessments and planning, system tuning, IT management, and planning services.