Our customers and users trust us with their content and documents. We take that very seriously and address security in many ways. To continue being one of the best cross-platform eSignature solutions for millions of users worldwide, we recognized the need to illustrate our commitment to security by undergoing the rigors of SOC 2 compliance.
A SOC 2 assessment report provides detailed information and assurance about a service organization’s security, confidentiality, availability, processing integrity, and/or privacy controls, based on their assurance of compliance with the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria (TSC). A SOC 2 report is often the primary document that security departments rely on to assess a vendor’s ability to maintain adequate security.
SOC 2 compliance comes in two forms: a SOC 2 Type 1 report which describes the design of a service provider’s system controls to meet relevant trust criteria as of a specific point in time; and a SOC 2 Type 2 report which details the operational effectiveness of those systems controls to perform as designed over a specified period of time. These reports follow audits performed by independent third parties, our auditors Dansa D’Arata Soucia LLP, who specialize in such security assessments. Collaborating with Vanta and using their continuous security monitoring platform helped us to meet our audit requirements as well as meet our SOC 2 scheduled assessment timelines.
We have completed SOC 2 Type 1 and are in the process of the requisite assessments over time to complete SOC 2 Type 2.
We wanted to assure our customers that we have been invested in building security programs that provide adequate protection to the information shared with us by maintaining a framework that is repeatable, doable, and can be modified to consistently comply with industry and regulatory requirements. Through this SOC 2 initiative, it is important for us to help our customers by ensuring that their data is secure, is kept confidential and is available to them when they need it.
We are proud that our systems controls’ design met or exceeded the rigors of SOC 2 Type 1 assessment and are eager for the requisite time to measure and achieve SOC 2 Type 2 compliance as well.