Product Updates
·
3 min
read
Announcing SOC 2 Type II and SOC 3 Certification
We are happy to announce that Specify has obtained both SOC 2 Type II and SOC 3 certificates! These certifications are a testament to Specify’s commitment to security and data privacy.
We are happy to announce that Specify has obtained both SOC 2 Type II and SOC 3 certificates! These certifications are a testament to Specify’s commitment to security and data privacy.
What are SOC certificates?
The SOC (System and Organization Controls) framework was developed by the American Institute of Certified Public Accountants (AICPA) to help organizations establish and maintain effective controls over their systems and data. SOC 2 Type 2 and SOC 3 certificates are two types of SOC reports that are issued by independent auditors to verify that a company’s security controls are operating effectively over a period of time. SOC certificates evaluate information systems based on five essential ‘trust service principles’: security, availability, processing integrity, confidentiality, and privacy.
Why do SOC certificates matter in our industry?
The certificates provide third-party validation, affirming that an organization adheres to security best practices. This certification signals a profound commitment to cybersecurity, instilling confidence and trust for companies engaging with our service. Showing that we obtained the certificates is therefore important because they demonstrate that Specify has implemented and adhered to strict security controls and procedures.
Our SOC journey?
Our journey began early 2023 with obtaining the SOC 2 Type I certificate. To be able to obtain it we had to perform a gap analysis and put together controls that we had to implement in order to be SOC 2 compliant. What followed was a Type I point-in-time audit ending up with a validation that our controls were operating properly.
The six-month assessment for our SOC 2 Type II audit was an intense test, presenting endless pieces of evidence for SOC 2 compliance. The hard work paid off – we passed successfully!
What's on the horizon?
In addition to SOC 2 Type II and SOC 3, we've introduced Single Sign On (SSO) earlier in 2023, reinforcing our commitment to top-notch security. Our substantial investments in this topic continue to address our customers' evolving needs. For a copy of our SOC 2 or SOC 3 report, don't hesitate to reach out!