
SaaSquatch Begins SoC 2 Audit Process


September 30th, 2020: SaaSquatch is officially SOC 2 Type II certified. Learn more in our most recent announcement. 


Protecting the integrity of your customer data is at the heart of everything we do at SaaSquatch.

When you work with a leading customer referral and loyalty platform, you deserve to be confident that your user data is monitored in accordance with the industry’s highest standards.

This is why SaaSquatch has entered the readiness phase of earning our SoC 2 Type II certification, with the audit window beginning in February 2020, an achievement that represents our continued commitment to building on trustworthy customer relationships.

If you care about the integrity of your user data, learn why a SoC 2 certification must be a top criterion when evaluating referral software vendors.

What is SoC 2 Type II compliance?

SoC 2 ("Service Organization Control 2") is an internationally-recognized certification developed by the AICPA. It acts as third-party assurance to verify that a service provider is committed to following the highest standards of security when it comes to managing customer data.

The requirements are specifically designed for companies like SaaSquatch that store customer data in the cloud. Leading organizations like Microsoft and AWS (Amazon Web Services) choose to demonstrate their commitment to security through SoC 2 certification.

SoC 2 Type I vs. Type II

A SoC 2 Type I designation states that a company has the necessary systems and procedures in place to meet the SoC 2 requirements.

SoC 2 Type II shows that a company is committed to upholding these security principles over a specific period of time (6 months). Expertly-trained auditors have verified the use and effectiveness of the security controls that a company has in place, confirming that customer data is actively being protected.

In other words, a SoC 2 Type II accreditation means that any customer data you send to SaaSquatch (to facilitate referral and loyalty programs) is being managed in a secure and audited environment.

Why does SoC 2 matter when choosing a referral software vendor?

You can’t afford to worry about the integrity and security of your customer data when using a referral and loyalty platform. At SaaSquatch, our mission is to fuel your growth, and that should be all you need to focus on.

It's critical to choose trusted partners when your customer data is involved, and our SoC 2 compliance will deliver the transparency and confidence needed to ensure you’re in good hands.

If you care about the integrity of your customer data, SoC 2 Type II accreditation needs to be included in your referral software evaluation criteria. Why?

 - The vendor’s commitment to security has been proven over time

A Type II certification means that a company’s security procedures have been monitored over a period of time by independent auditors. When it comes to being secure, a Type II certified company doesn’t just talk the talk, but walks the walk.

With a certified vendor, you can be confident that the ways in which your customer data is being managed have withstood the most rigorous security audit in the industry.

 - Your company’s security, financial, and reputational risks are mitigated

As more and more information is exchanged in the cloud, there’s an increased risk for unauthorized interception and fraudulent access. Even the most established corporations like Yahoo and Sony have felt the debilitating repercussions of data breaches, not just financially but through a loss of (often irreplaceable) customer trust.

If you want to greatly reduce your company’s chances of ending up in the news as the most recent security breach, don’t put your customer data at risk. Choose a vendor who understands the importance of keeping it secure.

 - Your organization can operate with peace of mind

SoC 2 Type II compliance is only achieved by companies with mature, established, and independently-approved business processes, and whose dedication to security spans every department, from HR and finance to development and customer success.

Choosing a SoC 2 certified referral program vendor means that you can rest easy knowing that the integrity of your customer data is a priority as you focus on growing your business.

To read more about the importance of SoC 2 compliance in vendor sourcing, please refer to this article.

How does SaaSquatch earn SoC 2 Type II compliance?

SoC 2 Type II compliance is earned as the result of a successful 6-month audit by an independent firm. At SaaSquatch, we are working with BARR Advisory to facilitate the audit.

It is by no means a quick and easy process, but rather a diligent examination of our internal security policies, procedures, and controls.

As a result, every employee is equipped with a clear and complete understanding of what it means to uphold security standards.

At the end of the successful audit period, our official SoC 2 Type II report lets us:

  • Formally communicate to our customers exactly what they can expect from us in terms of data integrity
  • Answer specific questions related to data handling and procedures
  • Demonstrate our continued commitment to security through the assurance of a third party

What are our next steps?

At SaaSquatch, we aim to have our SoC 2 Type II certification completed by the end of 2020.

But a dedication to security doesn't stop there. Once obtained, we are committed to completing the annual audits necessary to maintain our compliance and raise our security standards.

Ready to work with a trusted partner? Get in touch!