The SOC 2 framework applies to Software as a Service (SaaS) companies that want to better safeguard the privacy and security of customer data.
We’re happy to announce that Smartlook has received its SOC 2 Type II compliance certification. With the new certificate, we want to underline our effort towards better privacy and security standards of our clients’ data.
What is SOC 2 compliance?
The American Institute of Certified Public Accountants (AICPA) established the Service Organization Control 2 (SOC 2) standard.
SOC 2 certificate is a voluntary compliance standard that assesses the procedures and control processes in an organization. It simply sets an international standard for collecting and exchanging information.
There are two types of SOC 2 audit reports:
- Type I – describes the company’s systems and controls and the suitability of the design of those systems
- Type II – checks the operating effectiveness of systems described in the Type I report
While General Data Protection Regulation (GDPR) is a gold standard for privacy compliance, SOC 2 holds the gold standard crown for security compliance. It’s especially important for companies that process any type of personal data.
An external auditor awards the SOC 2 certification after verifying the company’s compliance with 1 or more of the 5 trust service principles:
- Privacy
- Security
- Availability
- Confidentiality
- Processing integrity
Smartlook’s approach to privacy and security
From day 1, at Smartlook, we’re fully aware of our responsibilities toward our customers, stakeholders, employees, and the communities we participate in. This is why we want to align our organization with the strictest set of standards available.
How we support our clients in privacy-compliance
Our tool was designed according to “privacy by design” principles. It means Smartlook supports your and your end users’ privacy by:
- Hiding sensitive data (wireframe mode, masking fields)
- Enabling personal data collection after a proactive sign from the user
- Anonymizing personal data or limiting its collection to the minimum by default
With those privacy safeguards in place, the tool gives you control over what type of data you track and collect. As a result, it’s easier for your business to stay in line with worldwide privacy regulations.
How we apply security measures to safeguard our clients’ data
We process our clients’ payments through a provider that is PCI Data Security Standard-compliant. It ensures that all transactions are protected.
In May 2021, Smartlook as a company became SOC 2 Type I-compliant. From December 2021, it’s also SOC 2 Type II-compliant. The external independent auditor examined Smartlook’s compliance with the AICPA guidelines in accordance with the ISAE 3000 standard.
We got certified in the 4 trust service principles, including:
- Privacy
- Security
- Availability
- Confidentiality
What does the SOC 2 certification mean for your business?
As a SaaS company, information security is of key importance. SOC 2 audit ensures that we securely manage your data and protect your interests. It also refers to the privacy of your end-users.
SOC 2 is another step in our journey towards full security compliance. The certification shows that companies of all sizes can trust our processes and controls around:
- Data security and privacy (access controls, endpoint protection, infrastructure)
- Software development (change management, vulnerability testing, disaster recovery plan (DRP))
- Corporate governance (laws and regulations compliance, confidentiality, HR management)
Our commitment to data security and further plans
Meeting SOC 2 compliance establishes a new quality for our customers, who have the assurance that their data is safe according to the latest industry standards. This standard applies to all companies, regardless of whether they are a small, medium or large enterprises.
SOC 2 audits are our ongoing commitment to improving our privacy and security practices. That’s why we’ll renew the SOC 2 Type II certification every year, so you know that your data is safe with us.
