PreVeil is proud to announce that we have successfully completed our SOC 2 Type 1 certification for the Security principle. SOC 2 Type 1 is the gold standard for security compliance for SaaS companies. By passing an independent 3rd party audit of our security processes , we have demonstrated that clients can be fully confident in the availability and confidentiality of their email and files stored in the cloud.
Achieving SOC 2 Type 1 compliance was not an easy task for a young cybersecurity startup like PreVeil. In order to meet SOC 2 compliance, companies have to go through a rigorous process. However, we gladly submitted to the rigor of the SOC 2 path because we are laser focused on data security. Furthermore, we wanted to demonstrate to our customers that our goal is minimizing customer risk and maximizing product quality for the users of our platform.
This post will share what SOC 2 compliance means, how SOC 2 has impacted our company and what SOC 2 means for our clients.
WHAT IS SOC 2 COMPLIANCE?
The Service Organization Control (SOC) reporting platform was created by the American Institute of CPAs (AICPA) to help companies get a handle on the numerous security issues surrounding data management. AICPA wanted to ensure there was a framework both vendors and customers could refer to for standardizing the process.
PreVeil has achieved certification for meeting the standards for the Security principle. The Security principle is designed to provide the protection of systems and information during the collection, use, processing and transmission and storage of data. According to this principle, systems must be protected against unauthorized access and other risks that could impact PreVeil’s ability to provide the services we promise our clients.
SO, WHAT DOES SOC 2 COMPLIANCE MEAN FOR PREVEIL?
While the SOC 2 standard hasn’t impacted our end-to-end encryption protocols for email and files, it has meant a company-wide embrace of new security practices.
To become SOC 2 compliant, we had to initiate and enforce protocols surrounding tracking of software bugs, which engineer implemented the fix and when was the update implemented. We also had to track more basic issues such as which devices in the office could access company data and how we update and maintain internal passwords.
Achieving SOC 2 compliance means that the whole team must also adhere to rigorous processes for:
- Lifecycle of updates to the PreVeil service
- Changes to internal working policies
- Additions, modifications or deletions of users
- Changes to authority levels in access approvals
- Reviews of security monitoring events
As a result of this rigor, we are able to monitor and minimize the risk from changes to our software environment and from our individual actions. Clients can rest assured that PreVeil is taking the necessary steps to minimize their potential vendor risk.
WHAT DOES SOC 2 COMPLIANCE MEAN FOR PREVEIL CLIENTS?
For enterprises looking to bring on third party contractors, PreVeil’s SOC 2 compliance indicates a level of process maturity that minimizes risk and focuses on the security of customer data.
PreVeil’s SOC 2 compliance means that its risk mitigation includes activities such as the development of planned policies, procedures, communications and alternative processing solutions to respond to and recover from any event that could disrupt business. With this commitment, PreVeil is able to ensure the impact of any possible risk to the client is minimized.
PreVeil continuously commits itself to leading the industry in providing easy to use end-to-end encryption for email and files. SOC 2 compliance is an integral part of this commitment, and we continue to monitor and improve our processes to minimize client risk and ensure the protection of client data.
If you want to learn more about PreVeil’s SOC 2 processes or secure email and file sharing for the enterprise, contact PreVeil to request a demo.