Editor's Note: Since the publishing of this blog, Proxyclick has successfully attained SOC 2 Type II renewal.
At Proxyclick, we take data security seriously. In fact, it’s part of our culture and we treat it as an ongoing process. That’s why we decided to get SOC 2 Type II-certified.
What is SOC 2 and why is it important for a SaaS company?
SOC 2 (Service Organization Control) is a procedure attesting company’s commitment to rigorous standards of data protection and processing integrity. You can think of it in terms of quality control, which helps with regulatory compliance.
What’s great about SOC 2 is that it’s an independent certification provided by external auditors. They visited Proxyclick’s office in Brussels, and made sure that we had the controls in place and met the following criteria:
Security - protecting Proxyclick against unauthorized access or changes
Availability - ensuring that Proxyclick will be up and running as needed
Processing Integrity - performing all visitor transactions correctly
Confidentiality - maintaining the privacy of information in the system
Privacy - appropriate handling personal data (from visitors and hosts)
What’s the difference between SOC 2, Type I and Type II?
Type I shows that we met all the requirements at a specific point in time. This is attested by a detailed, 43-page long report produced by the auditors. We validated that first stage back in February 2018.
Type II shows that we kept our commitment to the security principles over a specific period. Practically, the auditors show up after six months to make sure that we really did what we told them we were doing. Because saying and doing are two different things. We have successfully completed our SOC 2 Type II audit in November 2018.
True, there are other quality-assurance certificates which demonstrate good in-house processes, and which show that a company is committed to improvement of information and management systems.
But unlike other quality assurance certifications (like ISO 9001 or ISO 27001), SOC 2 is very well adapted to the controls and operations of a SaaS company like Proxyclick.
“Listening to our customers’ needs is ingrained in our company culture. Hence, after we noticed that questions about data privacy measures in Proxyclick came up a lot in our conversations, we decided to take action.
We wanted to communicate that our internal procedures and infrastructure meet the most diligent security norms and guidelines. A good way to do that is a certification performed by independent auditors and SOC 2 is really the go-to choice for SaaS providers like us,”— Jean-Bernard Van Zuylen, CTO, Proxyclick
In other words, by obtaining the SOC 2 certification, we prove to be a trustworthy business partner.