sections in the article
Inriver is SOC2 compliant.
What is SOC 2?
System and Organization Controls (SOC) 2 is an auditing procedure developed by AICPA that defines criteria for managing various aspects of security and customer data. There are five Trust Services Criteria (TSC):
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
The TSCs Security and Availability are recommend as most relevant for SaaS providers in our industry as they provide significant benefits and security for the SaaS provider and their customers (for example, management of personal data is covered by these TSCs).
Organizations are audited by 3rd party auditors like Kompleye or Deloitte with two standards (or Types) of compliance audited:
- SOC 2 Type I
- SOC 2 Type II
inriver views SOC 2 compliance as a crucial way to demonstrate that we are a security-conscious SaaS provider that provide the highest level of trust for prospective and existing customers.
Differences in SOC 2 type I and SOC 2 type II
SOC 2 Type l audits measure an organization’s ability to meet the desired TSCs based on the design and implementation of its controls, policies, and procedures. Type I audits are often referred to as a “snap-shot” of an organization’s compliance to SOC 2 standards.
SOC 2 Type ll audits measure the organization’s effectiveness in applying its controls over a specific period of time (usually a year), the assessment of any possible risks, and the suitability of any plans to mitigate such risks appropriately.
What does it mean for customers that inriver is SOC2 compliant?
inriver SOC 2 Type II demonstrates inriver’s commitment to protecting & securing our customer's data, as well as our appetite and commitment for continuous improvement of our services and the entire structure surrounding it.
With SOC 2 Type II compliance, organizations can be assured that inriver is operating to the highest industry standards by responsibly and proactively managing the risks inherent with providing a SaaS solution.
Further reading
Please visit inriver’s Trust Center to learn more about our security posture and compliance frameworks.
Comments
0 comments
Please sign in to leave a comment.