Launched: SOC 2 Type II Certified

26

This week we are happy to announce that we have achieved SOC 2 Type II certification. You may recall that last year we worked with an independent auditor to receive our SOC 2 Type I report. There are actually two kinds of SOC 2 reports—Type I and Type II.

What’s the Difference?

Type I reports on whether the systems are suitably designed. Providing an overview of the systems a SaaS platform has in place to satisfy the Trust Principles it’s being audited on. This type of report looks at your company and your procedures to determine whether they are designed to do the job you say they do. For instance, does your service correctly control access the way you say it does? However, a Type I report doesn’t take into consideration how well these actually work in practice—for that, you need a Type II report.

Type II reports look at the actual outcomes of the system and if it’s operating as designed. The report audits how well your software, team, and procedures worked with actual data within the evaluated timeframe. Were there any significant service outages? Were there any security incidents? Was the data handled effectively? Did your service effectively manage features for the allotted time, 6 months in our case, the auditors evaluated your system?

Type II Is All About CONSISTENCY

The Type II reports are what your customers really want. When a customer is trusting your service to run a portion of their business, they want to see proof your system operates effectively over the long term. And enterprise organizations like working with products that conform to the highest standards of the AICPA and that your practices back up your promises.

With a SOC 2 Type II report, you can provide customers evidence that you accomplish what you claim. You can show that external auditors have agreed that the control systems you have in place work as you say they do, and were observed over an extended period. This is not just about closing a deal, this is a key part of establishing trust that our customers can feel confident they can pass along to their customers.

Adam has over 20 years of experience working in a variety of roles from software engineering through to technical sales. He has worked in both enterprise and consumer companies such as VMware, EMC, and GitHub. Adam is driven by a passion for inclusive leadership and solving problems with technology. One additional objective is to be a part of a diverse and equitable company. Not simply an organization that accepts diversity, but one that actively pursues a more diverse and inclusive team as a imperative for building better products and services. Adam is also an Advisor for a number of startups and nonprofits. His perspective on life has been shaped by a background in Physics and Visual Art, an ongoing adventure as a husband and father, and a childhood career as a fire juggler.