Category: Product Update
Last updated on Mar 1, 2023
We are delighted to announce that Document360 is now SOC 2 Type 2 certified. This is a significant milestone for Document360 in providing its customers the best data security standards in the world.
SOC 2 Type 2 is a compliance certification issued by the American Institute of Certified Public Accountants (AICPA) to companies meeting their stringent security standards. It is considered one of the most coveted and meaningful security achievements in software.
There are two levels of Service Organization Control (SOC) 2 certification. While a SOC 2 Type 1 audit assesses the effectiveness of the security practices in a company, a SOC 2 Type 2 audit verifies that the security practices are being implemented efficiently.
Achieving SOC 2 Type 2 compliance is important because it ensures that the company does not just design adequate security controls but also follows all the practices meticulously. The process involves an audit where an external auditing agency evaluates our security controls. We roped in Deloitte as our external auditing firm, which comes with a reputation and extremely stringent measures.
When a product company achieves SOC 2 Type 2 compliance, it has adopted the leading industry data protection and security standards. Document360 customers can now be confident that we have implemented the highest measures of security to protect their data and that of their clients. We believe that this will give many customers, who often deal with sensitive information, peace of mind that their data is safe with us.
The audit evaluated the effectiveness of our security controls in protecting customers’ information, how fast their information can be recovered and made available after an attack or theft, and the mechanisms in place to trace such an attack.
The frequency of hacking incidents involving data theft, tampering, and eavesdropping is growing. For companies, a vendor’s lack of strict security protocols can cost them finances, clients, trust and the brand reputation they have worked so hard to build.
The extensive compliance process led us to address many cyber security requirements to prevent such incidents in the future. This is how seriously we at Document360 take the security of data that belongs to our customers and their clients.
With the help of the external auditing agency, we defined 27 policies and procedures and had to undergo three assessments:
SOC 2 Readiness Assessment – Definition of controls applicable to our business
SOC 2 Type 1 Assessment – Audit on the design of the controls
SOC 2 Type 2 Assessment – Audit on the operational effectiveness of the controls
Besides the audit, we also engaged with another third-party consulting company to ensure our policies in Document360 adhere to industry standards and are implemented according to best practices.
Gaining SOC 2 can be highly complicated for a product company like us, based out of the UK and India and with an employee strength of close to 250. However, we decided to invest in security and work harder to ensure data security is a priority in all our future actions and decisions. The process took us over 18 months, producing hundreds of pieces of evidence to meet the audit requirements.
As a result of the audit, overall changes were implemented across our internal practices to improve the security posture of our products and organization. On top of this, every person within the company was given information security awareness training.
Security: The extent to which our security practices can protect information against unauthorized access and disclosure. Organizations with extremely secure controls can prevent the potential compromise of their data.
Availability: The extent to which clients can obtain information through client-facing applications. This focuses on the accessibility of pertinent systems rather than the usability or efficacy of system components.
Processing Integrity: The level at which the procedures in place perform on our objectives, without errors in accuracy, authorization, and timeliness.
Confidentiality: The degree to which confidentiality of information is maintained between collection and deletion from the infrastructure. Information is considered confidential if its access and disclosure are restricted to defined parties.
Privacy: The level to which entities protect sensitive personal information during collection, retention, disclosure, and disposal.
Our main priority at Document360 has always been building and maintaining customers’ trust in our product and brand. We believe this is a crucial step in that direction. A growing number of companies have made SOC 2 Type 2 compliance compulsory among their vendors, so we believe this certification will help us better serve our existing and future customers from across the globe.