We’re proud to announce that Global Research has achieved SOC 2 Type I accreditation, marking a significant milestone in our commitment to data security, privacy, and client trust.
We work extensively with sensitive public, commercial, and personal data, and recognise that ensuring data protection isn’t additional to what we do—it’s a core component of our work.
We believe this places us at the forefront of data security for social and market research companies in New Zealand. SOC 2 accreditation assures our clients that we hold and demonstrate the same level of commitment to protecting their client and stakeholder data as they do.
We are increasingly finding that for Government Ministries, local bodies and significant private organisations that providing data protection assurance with an accreditation such as SOC 2 is not a ‘nice to have’, increasingly it is becoming a ‘must have’.
Why We Pursued SOC 2
Data breaches and cyber threats are on the rise, globally and in New Zealand. In the year ending June 2024, New Zealand’s National Cyber Security Centre recorded over 7,000 incidents, including 340 targeting high-value organisations, costing upwards of $21.6 million. And risks are projected to increase significantly with what is now possible using AI.
So our clients need more than verbal assurances; they need independent validation that their information is handled with care and rigour. SOC 2 accreditation provides just that. Developed by the American Institute of Certified Public Accountants (AICPA), it evaluates non-financial systems controls related to security, availability, processing integrity, confidentiality, and privacy—the Trust Services Criteria. We decided to become SOC 2 accredited because of its international acceptance and the confidence that it gives by those who achieve it having to be rigorously independently audited.
Our journey to achieve SOC 2
We partnered with cybersecurity consultants, Outfox , to develop comprehensive internal policies and procedures aligned with SOC 2’s stringent requirements. Outfox, Wellington-based cyber-resilience specialists were excellent. Their expertise helped us to refine our current practices and structure our processes to not only meet the audit standards but also reinforce our broader business resilience. While the overall goal was to achieve compliance, we learnt and improved substantially along the way.
Following a few months working with Outfox to prepare and refine our systems and process, and document what we do, an audit was conducted by Prescient Assurance, a leading SOC 2 auditor recognised for their work with security-focused organisations worldwide. The audit covered:
˃ System architecture and infrastructure
˃ Internal roles, responsibilities, and access controls
˃ Security procedures, data handling, and incident response
˃ Relationships with third parties and data processors
˃ Controls and assurances aligned with the Trust Services Criteria
What SOC 2 accreditation means for our clients
SOC 2 Type I accreditation means that Global Research has been independently verified to have robust systems and controls in place. For our clients, this translates to:
˃ Greater assurance that data is protected from unauthorised access
˃ Confidence in the integrity and availability of research systems
˃ A demonstrated commitment to continuous improvement and transparency
Whether you’re a Government Ministry or Department, a local authority, private sector business, or not-for-profit, you can rely on Global Research to deliver insights securely, ethically, and to the highest standards.
What’s Next
We’re now turning our attention to SOC 2 Type II, which involves ongoing monitoring of these systems over time. As the regulatory and cybersecurity landscape evolves, so will our commitment to meeting and exceeding the highest auditable standards.