We’re proud to announce that SaaSquatch has successfully completed a Service Organization Control (SOC 2®) Type II examination.

Our SOC 2 certification represents a valuable addition to our suite of enterprise-grade features that support customers in even the most highly-regulated industries such as the finance, telecommunications, and education sectors.

We believe that SOC 2 compliance is a critical security requirement for any leading referral and loyalty software vendor, especially when supporting complex customer journeys or handling sensitive data.

Keep reading to learn more about what a SOC 2 certification means for your referral and loyalty programs, and how it strengthens our commitment to providing a secure and trusted solution for acquiring, monetizing, and retaining your best customers.

In the digital age, the strategic use of customer data is critical to getting ahead. It drives business decisions, influences how quickly a company can grow, and facilitates the personalized experiences that customers have come to expect.

But with more and more of this data being stored and transferred in the cloud, there’s increased risk for security breaches and improper handling of sensitive information.

Our decision to complete a Service Organization Control (SOC 2®) Type II examination represents our increased commitment to strengthening the internal controls and processes that protect customer data.

We hold ourselves accountable to the industry’s highest security standards in order to give customers the confidence that their data is safe while they stay focused on launching powerful referral and loyalty programs.

At SaaSquatch, we’ve always set a high bar for technical excellence. We care about security and it is a central part of everything we do. The SOC audit has helped provide formal recognition that the years of development effort, architecture decisions and business practices that support our security posture are thorough and effective.
Logan Volkers, COO, SaaSquatch

What is SOC 2 Type II compliance?

SOC 2 (“Service Organization Control 2”) is an internationally-recognized certification developed by the AICPA. It acts as third-party assurance to verify that a service provider is committed to following the highest standards of security when it comes to managing customer data.

The requirements are specifically designed for companies like SaaSquatch that store customer data in the cloud. Leading organizations like Microsoft and AWS (Amazon Web Services) choose to demonstrate their commitment to security through SOC 2 certification.

A Type II certification means that not only has the company implemented the proper security controls, but the effectiveness of these processes has been verified by expertly-trained, third-party auditors, and the company was determined to be compliant over a period of time, ultimately demonstrating proof of continued commitment. Learn more about the difference between Type I and Type II reports.

In other words, a SOC 2 Type II certification confirms that any customer data you send to SaaSquatch (to facilitate referral and loyalty programs) is actively being managed in a secure and audited environment.

What was the process to become certified?

SOC 2 Type II certification is earned as the result of a successful 6-month audit by an independent firm.

To prepare for this diligent examination of our internal security policies and controls, we partnered with Vanta to help us automate the collection of our audit evidence. We also worked alongside experienced hackers from HackerOne to gain insights from their industry-leading penetration testing services.

After implementing the necessary security policies and processes, we worked with BARR Advisory to facilitate the audit, successfully receiving our certification on September 30th, 2020.

Our official SOC 2 Type II report lets us demonstrate our continued commitment to security through the assurance of a third party.

Why does a SOC 2 certification matter when evaluating referral and loyalty software vendors?

At SaaSquatch, our mission is to fuel your growth with referral and loyalty programs, and that should be all you need to focus on. You can’t afford to spend time worrying about the security of your customer data, so it’s critical to choose a trusted partner.

If you care about the security of your customer data, SOC 2 Type II accreditation needs to be an important factor when evaluating referral and loyalty software. Why?

– The vendor’s commitment to security has been proven over time

A Type II certification means that a company’s security procedures have been actively monitored over a period of time by independent auditors to ensure accuracy and effectiveness. This means that the ways in which your customer data is being managed have withstood the most rigorous security audit in the industry.

When it comes to being secure, a Type II certified company doesn’t just talk the security talk, but walks the walk.

– Your company’s security, financial, and reputational risks are mitigated

When you rely on cloud providers to store and send your customer data, there’s an increased risk for unauthorized interception and fraudulent access. Even the most established corporations like Yahoo and Sony have felt the debilitating repercussions of data breaches, not just financially but through a loss of (often irreplaceable) customer trust.

If you want to greatly reduce your company’s chances of ending up in the news as the most recent security breach, don’t put your customer data at risk. Choose a vendor who can prove that they’re committed to keeping it secure.

– Your organization can operate with peace of mind

SOC 2 Type II compliance is only achieved by companies with mature, established, and independently-approved business processes, and whose dedication to security spans every department, from HR and finance to development and customer success.

Choosing a SOC 2 certified referral and loyalty program vendor means that you can rest easy knowing that the security of your customer data is a priority as you focus on growing your business.

What’s next?

The SaaSquatch SOC 2 Type II report represents the auditor’s attestation of how we protect, regulate, and control the customer data that we collect.

Our current report covers an audit period from March 1st, 2020 to August 31st, 2020, and we’re committed to completing audits on an annual basis to ensure continual compliance.

We know that cloud data security is more important than ever before, and we will continue to invest in building a secure enterprise referral, loyalty and rewards platform that digital businesses can trust.
