Building client trust. What’s an SOC 2 certificate and why it matters
Listening to current and potential clients is of the utmost importance to us, and as we worked to close our most recent round of seed funding, we realized that security needed to be a top priority. It was the question that came up the most: “Is this solution secure enough?” While this wasn’t surprising, it became an urgent issue as we’ve continued to experience fast-paced and expansive growth this past year. So, we decided that becoming SOC 2 certified was the needed next step as Influ2 continued to build momentum.
For those who don’t know, SOC 2 (developed by the AICPA) is specifically designed for service providers storing customer data in the cloud. That means SOC 2 applies to nearly every SaaS company, as well as any company that uses the cloud to store its customers’ information. Before 2014, cloud vendors only had to meet SOC 1 compliance requirements. Now, any company storing customer data in the cloud must meet SOC 2 requirements in order to minimize risk and exposure to that data.
So what does SOC 2 require? It’s considered a technical audit, but it goes beyond that: SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements. As companies increasingly leverage the cloud to store customer data, SOC 2 compliance is becoming a necessity for a wide variety of organizations.
Getting SOC 2 Type 1 certification usually takes about six months, but we managed to get it in four, so this is a very proud moment for Influ2. It shows how quickly we’re moving and innovating, and also reflects our company culture. We took the time to explain to all of our employees why this was important and enrolled them in the process. Many shared with me how much they learned and how it was beneficial for their own IT security, and some even installed new protections on their personal computers. IT security is something we all need to take seriously, both professionally and personally, and it was great to see that, while involved, it had a positive impact all around.
Also, we used Vanta to help streamline the process. This simplified the normally very complex process and was a key component in being able to prepare and get through our audit so quickly.
SOC 2 requires long-term, ongoing internal practices that will ensure the security of customer information and, in turn, the long-term success of your business. It shows your clients and employees that taking security seriously is part of your company ethos, and I encourage all businesses to work towards securing this certificate as soon as possible. It will help to keep everyone’s information safe, and it will drive business growth, ensuring a win-win all around.