Consortium completes SOC 2 Type II audit

Consortium completed a System and Organization Controls 2 (SOC 2) Type II audit that covered both Consortium and its Cyber Decision Support Platform, Metrics that Matter, and said the outcome reflected its commitment to safeguarding client data and to security and operational standards.

The SOC 2 Type II certification validated that Consortium and Metrics that Matter had internal controls, security practices, and operational processes that met standards for data protection, availability, and confidentiality over time.

The announcement identified internal controls, security practices, and operational processes as the audited areas and listed advanced monitoring practices, employee security awareness programs, third-party controls validation, and proactive risk-management initiatives among the measures associated with achieving the certification.

Consortium said it began as a network for cybersecurity professionals to exchange ideas and later expanded its activities to include advisory services and technology products centered on the Metrics that Matter platform. “Security has always been at the heart of Consortium’s mission,” said Nate Ungerott, CEO at Consortium Networks.

“At Consortium, and within Metrics That Matter, we view security not just as a compliance requirement, but as a core value that underpins the trust our clients place in us every day. Achieving our SOC 2 Type II certification represents a major milestone in our ongoing commitment to maintaining the highest standards of data protection, integrity, and operational excellence,” said Charles Iannuzzelli, President of Metrics That Matter at Consortium.

“This milestone reinforces our dedication to robust security practices as we continue our commitment to upholding strong security and compliance for our clients and partners,” said Frank Scholl, Chief Technology Officer at Metrics That Matter. Consortium said it planned to continue investments in security maturity, including advanced monitoring practices, employee security awareness programs, third-party controls validation, and proactive risk-management initiatives.