AnnounceKit is now SOC 2 Type I Compliant.
The first rule of AnnounceKit Club is you do talk about security.
Security has been of primary importance for AnnounceKit from day one. With our commitment to delivering high standards of security to our customers, we started this journey several months ago.
After a hundred requirements, documents, practices, and tasks, we have successfully made it halfway. We have demonstrated our commitment to protecting our customers.
Today, therefore, we are really proud to announce that we passed our SOC 2 audit and are now officially SOC 2 Type I Compliant!
Passing the audit means an independent auditor has confirmed that, as of the audit date, our controls are suitably designed to meet the SOC 2 criteria for security, availability, processing integrity, and confidentiality.
This is not the end; we are still only halfway there. Now it is time to complete the SOC 2 Type II audit, which will verify that those controls keep operating effectively over time, not just that they are well designed.
Before all that, you might be wondering about the details of SOC 2, trust service principles, and our journey. Then, let me invite you to accompany us!
What is SOC 2?
First things first, let’s start with the definition.
SOC 2 (System and Organization Controls 2) is a compliance framework for service organizations, developed by the American Institute of CPAs (AICPA). A SOC 2 report attests that the organization's controls are designed (and, for Type II, operated) in line with the AICPA Trust Services Criteria.
SOC 2 reports are issued for organizations that provide services, typically software, to other organizations. They give customers independent assurance about how the organization protects the data it handles, rather than a self-declaration.
Many people still think a SOC 2 report is a certification. It is not. A SOC 2 is an attestation report issued by an independent CPA firm, stating whether the auditor agrees with the organization's description of its system and its assertion that its controls meet the selected criteria. The AICPA defines the framework but does not audit organizations itself. So, it is an attestation rather than a certification.
According to the AICPA attestation standards, there are two types of SOC 2 report, Type I and Type II.
- Type I describes the organization's system and whether its controls are suitably designed to meet the selected Trust Services Criteria as of a specific point in time.
- Type II covers the same system but also tests whether those controls operated effectively over a review period, typically 6 to 12 months.
Trust Service Principles
SOC 2 is built on five Trust Services Categories, each with a set of criteria, as defined in the AICPA Trust Services Criteria. Security is mandatory for every SOC 2 report; the other four are included only when they are relevant to the service and the organization chooses to be assessed against them.
Availability means that the system is available for operation and use as committed or agreed, so customers can rely on the service meeting the uptime and recovery objectives they were promised. This category is addressed by performance monitoring, capacity planning, disaster recovery, and incident handling.
Security refers to protecting the system and customer data against unauthorized access, disclosure, and damage, covering both front-end and back-end controls. An organization needs effective policies and procedures to prevent unauthorized access and to detect and respond when a breach occurs. Firewalls, intrusion detection, and multi-factor authentication are typical controls used for this purpose.
Confidentiality means that information designated as confidential is protected as committed or agreed, using encryption, access controls, and firewalls to prevent unauthorized access and disclosure.
Processing Integrity means that system processing is complete, valid, accurate, timely, and authorized to meet the organization's objectives. Quality assurance and process monitoring are important for meeting these criteria.
Privacy means that personal information is collected, used, retained, disclosed, and disposed of in accordance with the organization's privacy notice and applicable criteria. The operating procedures of a company must be consistent with its data privacy policy.
Why is SOC 2 Compliance Important?
Data security matters more than ever. Before buying a software service, companies need assurance that their data will be protected effectively.
Having a SOC 2 report, in that sense, provides a competitive advantage, as customers want to work with services whose information security controls have been independently assessed rather than simply promised.
It also improves the organization's own security practices, since the process forces you to document policies, monitor controls, and prepare for incidents and breaches, which helps you keep operating securely when something does go wrong.
Completing Our SOC Journey
It has been worth every moment of our hard work to demonstrate our commitment to delivering high standards of security to our customers.
Badges? Yes, proud to have but they are only a showcase. Our commitment comes from the ❤️