After weeks of documentation, research, and reporting, we are stoked to announce that RevenueHero is now SOC 2 Type 1 compliant. Given that we process your potential customers’ information, this was an obvious thing that we wanted to do.
But what is SOC 2?
Today, companies are increasingly moving to cloud-based data platforms and they need to prioritize robust protection for their sensitive information, including Personally Identifiable Information (PII) and intellectual property.
To meet this requirement, a trusted third party performs a thorough assessment called SOC 2, providing objective assurance. An independent auditor issues the SOC 2 report, which presents a comprehensive depiction of the platform's architecture, data flow, processes, controls, and an audit opinion.
What does it mean for you?
If I have to remove all the jargon and legal speak, this essentially means that RevenueHero added an additional level of security for you.
The audit completed at this time is SOC 2 Type 1. It is an independent validation of RevenueHero’s commitment to meeting customers’ requirements and to implementing a robust compliance program.
Specifically, the auditors determined that RevenueHero is architected according to security best practices from the ground up.
Achieving SOC 2 Type 1 requires meticulous documentation of the controls that are already in place, such as:
- Secure product development lifecycle.
- Stringent access control based on the least privileged access principle.
- Robust logging, monitoring, events correlation, and alerts.
- Comprehensive vulnerability management with internal and external scans, penetration testing, and code reviews.
- Extensive employee security awareness training.
Surely your legal and security team requires a more detailed version of the report. So when they ask for it, just drop us a note at firstname.lastname@example.org.
So, what’s next?
With the SOC 2 Type 1 report, the auditors gave their opinion on the design of controls.
In the next few months, apart from all the new capabilities to help #MakeBuyingSimple for you, we’ll be gearing up to achieve SOC 2 Type 2 certification. Achieving the Type 2 report will validate the operational effectiveness of these controls.
If you'd like to take RevenueHero for a spin, let's chat.