Editor's Note: Proxyclick is now certified yearly through two independently audited SOC2 and ISAE 3000 assurance reports.
At Proxyclick, we take data security seriously. In fact, it’s part of our culture and we treat it as an ongoing process.
That’s why our SOC 2 Type II certifications are crucial.
What is SOC 2 and why is it important for a SaaS company?
SOC 2 (Service Organization Control) is a procedure attesting company’s commitment to rigorous standards of data protection and processing integrity. You can think of it in terms of quality control, which helps with regulatory compliance.
What’s great about SOC 2 is that it’s an independent certification provided by external auditors. They take a deeper look at our privacy & security designs and put our operational controls to the test. SOC 2 auditors look at the following criteria:
Security - protecting Proxyclick against unauthorized access or changes
Availability - ensuring that Proxyclick will be up and running as needed
Processing Integrity - performing all visitor transactions correctly
Confidentiality - maintaining the privacy of information in the system
Privacy - appropriately handling personal data (from visitors and hosts)
What’s the difference between SOC 2, Type I and Type II?
The Type I certification looks at our security and privacy requirements and translates them into measurable principles Proxyclick should uphold. This first step was done back in February 2018.
The Type II certification assesses how these previously defined PrivSec principles have been upheld over a span of time. In practice, the auditors leave some time to allow the company to implement and build on their designs and controls. (Saying and doing are two very different things!) As of January 2021, we have successfully completed our SOC 2 Type II certifications for both our Privacy and Security principles. This is a yearly recurring process to ensure we stay on our toes.
True, there are other quality-assurance certificates which demonstrate good in-house processes, and which show that a company is committed to improvement of information and management systems.
But unlike other quality assurance certifications (like ISO 9001 or ISO 27001), SOC 2 is specifically adapted to the controls and operations of a SaaS company like Proxyclick.
“Listening to our customers’ needs is deeply ingrained in our company culture. Hence, after we observed recurring questions about data and security measures at Proxyclick during our customer conversations, we decided to take action.
We wanted to communicate that our internal procedures and infrastructure meet the most diligent security and privacy norms and guidelines. A good way to do that is a certification performed by independent auditors and SOC 2 is really the go-to choice for SaaS providers like us,”— Jean-Bernard Van Zuylen, CTO, Proxyclick
In other words, by obtaining the SOC 2 certification, we prove to be a trustworthy business partner who takes your data seriously.
We’re doing our best to keep our software and data secure, and we’ll continue to improve the integrity of our processes year after year.