What is SOC 2 Type II compliance?
SOC 2 (“Service Organization Control 2”) is an internationally recognized certification developed by the AICPA. It acts as third-party assurance to verify that a service provider is committed to following the highest standards of security when it comes to managing customer data.
The requirements are specifically designed for companies like SaaSquatch that store customer data in the cloud. Leading organizations like Microsoft and AWS (Amazon Web Services) choose to demonstrate their commitment to security through SOC 2 certification.
A Type II certification means that the company has not only implemented the proper security controls, but that expertly trained third-party auditors have verified the effectiveness of these processes and determined the company to be compliant over a period of time, ultimately demonstrating proof of continued commitment. Learn more about the difference between Type I and Type II reports.
In other words, a SOC 2 Type II certification confirms that any customer data you send to SaaSquatch (to facilitate referral and loyalty programs) is actively being managed in a secure and audited environment.
What was the process to become certified?
SOC 2 Type II certification is earned as the result of a successful 6-month audit by an independent firm.
To prepare for this diligent examination of our internal security policies and controls, we partnered with Vanta to help us automate the collection of our audit evidence. We also worked alongside experienced hackers from HackerOne to gain insights from their industry-leading penetration testing services.
After implementing the necessary security policies and processes, we worked with BARR Advisory to facilitate the audit, successfully receiving our certification on September 30th, 2020.
Our official SOC 2 Type II report lets us demonstrate our continued commitment to security through the assurance of a third party.
Why does a SOC 2 certification matter when evaluating referral and loyalty software vendors?
At SaaSquatch, our mission is to fuel your growth with referral and loyalty programs, and that should be all you need to focus on. You can’t afford to spend time worrying about the security of your customer data, so it’s critical to choose a trusted partner.
If you care about the security of your customer data, SOC 2 Type II accreditation needs to be an important factor when evaluating referral and loyalty software. Why?
– The vendor’s commitment to security has been proven over time
A Type II certification means that a company’s security procedures have been actively monitored over a period of time by independent auditors to ensure accuracy and effectiveness. This means that the ways in which your customer data is being managed have withstood the most rigorous security audit in the industry.
When it comes to being secure, a Type II certified company doesn’t just talk the security talk, but walks the walk.
– Your company’s security, financial, and reputational risks are mitigated
When you rely on cloud providers to store and send your customer data, there’s an increased risk for unauthorized interception and fraudulent access. Even the most established corporations like Yahoo and Sony have felt the debilitating repercussions of data breaches, not just financially but through a loss of (often irreplaceable) customer trust.
If you want to greatly reduce your company’s chances of ending up in the news as the most recent security breach, don’t put your customer data at risk. Choose a vendor who can prove that they’re committed to keeping it secure.
– Your organization can operate with peace of mind
SOC 2 Type II compliance is only achieved by companies with mature, established, and independently approved business processes, and whose dedication to security spans every department, from HR and finance to development and customer success.
Choosing a SOC 2 certified referral and loyalty program vendor means that you can rest easy knowing that the security of your customer data is a priority as you focus on growing your business.
The SaaSquatch SOC 2 Type II report represents the auditor’s attestation of how we protect, regulate, and control the customer data that we collect.
Our current report covers an audit period from March 1st, 2020 to August 31st, 2020, and we’re committed to completing audits on an annual basis to ensure continual compliance.
We know that cloud data security is more important than ever before, and we will continue to invest in building a secure enterprise referral, loyalty and rewards platform that digital businesses can trust. Learn more about our enterprise solutions here.