We take customer privacy and data security seriously at UXCam. That’s why we’re proud to announce that we’ve achieved System and Organization Controls 2 (SOC 2 Type I and Type II) compliance.
SOC 2 is a type of audit report that gives organizations and stakeholders peace of mind that their services are securely provided. Our security and compliance team spent months evaluating our controls and identifying potential policy and procedure gaps to prepare for our audit, and we are thrilled that this effort was rewarded with a full certification.
What is SOC 2 compliance?
SOC 2 is an audited certification that assesses data security standards and the information management capabilities of service providers that store client data in the cloud. This critical audit is essential for enterprise companies and multinationals who use SOC 2 audit reports to verify their vendors’ data management processes.
What are the trust principles of SOC 2?
The SOC 2 audit and compliance processes are based on five core trust principles.
- Security: SOC 2 compliant organizations must guarantee the complete security of customer data from theft, alteration, destruction, unauthorized access, and any other manipulations of their information.
- Availability: This refers to how accessible the system, products, or services are, as documented by a contract or service level agreement (SLA). Availability asks whether the system is available for operation and use as agreed upon by vendors.
- Processing integrity: This principle checks if the system processing is complete, accurate, timely, and authorized. Is data being delivered to the right place at the right time?
- Confidentiality: If companies deal with personally identifiable information, this principle must be presented in the audit report. This principle addresses the agreements we have with clients on how we use their information, who has access, and how it’s protected.
- Privacy: The privacy principle addresses how we collect and/or use consumers’ personal information and whether they have the right to opt out of how their information is used. By abiding by this principle, companies ensure that customer data handling abides by the privacy notice that’s been defined and agreed upon.
For us as an organization that provides cloud services, SOC 2 Type I and Type II compliance aligns with our core values of establishing trust with our customers and stakeholders.
We want to give a big thank you to compliance management solution Vanta for streamlining and automating parts of the process. To learn more about security at UXCam, take a look at our approach to privacy and security and our privacy statement.