SOC 2 Compliance and Cybersecurity: How it works

This is a special blog post to us, as we are Officially SOC 2 Type II Compliant, with the help of Scytale. 

Before we get into our SOC 2 audit and what it means to Vaultree and our customers, let’s break down what exactly SOC 2 compliance is.
 

What is SOC 2 Compliance? 

SOC 2 is a voluntary compliance standard for tech companies with cloud-based products and specifies how an organisation should manage customer data. The compliance guidelines set by the AICPA (American Institute of Certified Public Accountants) ensure services are secure, available, and confidential and that InfoSec best practices are in place.

These guidelines contain five Trust Services Criteria that represent the pillars of cybersecurity best practices:

Security: Protecting information from vulnerabilities and unauthorised access using strong encryption algorithms

Availability: Ensuring employees and clients can rely on their systems and data through an always-encrypted and searchable end-to-end encryption approach

Processing integrity: With a Plug and Play SDK, the system and customers’ data have their integrity guaranteed

Confidentiality: Our fully end-to-end encrypted solution contributes to reducing the risk of data leaks

Privacy: Safeguarding sensitive personal information against unauthorised access

SOC 2 audits have two types of reports:
 

Type I report – With a shorter audition time, a SOC 2 Type I reports on relevant trust service criteria controls. 

Type II report – A SOC 2 Type II covers a longer period, usually three-to-twelve months. It's a more robust take on relevant security aspects. 

What does being SOC 2 compliant mean to Vaultree?

Data breaches are on the rise and, as companies need to protect their data, they must also comply with industry standards and federal regulations. As the world’s first fully functional data-in-use encryption technology, security and compliance has been our highest priority from day one, ensuring robust protection of customer data.

Being SOC 2 compliant means we can provide a report as official proof that we comply with the globally-recognized information security standard. 

Additionally, it's about ensuring we have the highest levels of information security policies, controls and practices throughout our organisation, earning the trust of our customers and partners! 

So what exactly was audited?

We were audited on our internal security controls, relevant to our business operations and multiple tests were done to ensure our security controls were implemented and operating effectively.

We are very proud to have the "official" stamp that recognizes our data protection best practices. With our report, not only do we meet the SOC 2 standards, but we've enhanced security oversight across all our business areas

All SOC audits are performed by an independent CPA (Certified Public Accountant). In our case, Scytale’s hands-on SOC 2 guidance and automation technology helped us fully prepare for it, tailoring SOC 2 controls relevant to Vaultree's infrastructure, software, process, people and data.

How Vaultree's SDK can help partners and customers become SOC 2 compliant

Being SOC 2 compliant is an important step for Vaultree. Our customers trust our solution to solve the fundamental security issue of persistent data encryption and therefore, trust us with their sensitive data. SOC 2 compliance is the best way to assure our customers that they can place full confidence in our solution.

Our customers are at the forefront of every decision we make. Demonstrating a SOC 2 report to our customers and prospects proves our commitment to sound security standards and shows they are partnering with a company that takes security seriously.

Vaultree's SDK follows the best data security and privacy practices with innovative encryption technologies. Our internal SOC 2 compliance audit allows us to go further, preparing our product and our professionals to help our partners and customers leverage their cybersecurity goals to also be SOC2 compliant.

What comes next in Vaultree’s SOC 2 compliance?

When it comes to SOC 2, maintaining compliance is critical and therefore, we are committed to renewing our SOC 2 report annually. We will continuously monitor our compliance effectiveness, update all necessary policies and procedures and undergo risk management in the interim.