Inriver SOC 2 compliance

What is SOC 2?

System and Organization Controls (SOC) 2 is an auditing procedure developed by AICPA that defines criteria for managing various aspects of security and customer data. There are five Trust Services Criteria (TSC):

• Security
• Availability
• Processing Integrity
• Confidentiality
• Privacy

The TSCs Security and Availability are recommend as most relevant for SaaS providers in our industry as they provide significant benefits and security for the SaaS provider and their customers (for example, management of personal data is covered by these TSCs).

Organizations are audited by 3^rd party auditors like Kompleye or Deloitte with two standards (or Types) of compliance audited:

• SOC 2 Type I
• SOC 2 Type II

inriver views SOC 2 compliance as a crucial way to demonstrate that we are a security-conscious SaaS provider that provide the highest level of trust for prospective and existing customers.

Differences in SOC 2 type I and SOC 2 type II

SOC 2 Type l audits measure an organization’s ability to meet the desired TSCs based on the design and implementation of its controls, policies, and procedures. Type I audits are often referred to as a “snap-shot” of an organization’s compliance to SOC 2 standards.

SOC 2 Type ll audits measure the organization’s effectiveness in applying its controls over a specific period of time (usually a year), the assessment of any possible risks, and the suitability of any plans to mitigate such risks appropriately.

Inriver has achieved Unqualified SOC 2 compliance

Unqualified report means we were fully compliant (there were no exceptions or advisory comments) and this is the best level of report an organization can achieve.

• 30th September 2020 – SOC2 Type I
• 1st October 2020 to 31st January 2021 – SOC2 Type II
• 1st February 2021 to 31st December 2021 – SOC2 Type II
• 1st January 2022 to 31st December 2022 – SOC2 Type II

inriver’s next SOC 2 Type II audit will be for the period 1st January 2023 to 31st December 2023.

Benefits for inriver prospective or existing customers?

inriver SOC 2 Type II demonstrates inriver’s commitment to protecting & securing our customer's data, as well as our appetite and commitment for continuous improvement of our services and the entire structure surrounding it.

With SOC 2 Type II compliance, organizations can be assured that inriver is operating to the highest industry standards by responsibly and proactively managing the risks inherent with providing a SaaS solution.