s official! We are SOC 2 Type II compliant and we want to talk about it.
We are delighted to announce that we are officially SOC 2 compliant and proud to have the “official” stamp that recognizes our secure data protection practices.
What is SOC 2 compliance?
SOC 2 is a voluntary, security compliance standard for tech companies with cloud-based products. In a nutshell, it’s all about how you handle customer data and keep it safe. SOC 2’s compliance guidelines are set by the AICPA (American Institute of Certified Public Accountants) and ensure services are secure, available, and confidential.
Why SOC 2 compliance matters
Cyber attacks, data breaches and ransom attacks are an ever-present threat, now more than ever. Organizations need to protect their data and adhere to federal regulations and industry standards. Here at Honeydew, having robust protection of customer data is our top priority.
Being in accordance with SOC 2 standards allows us to demonstrate our report to our customers, partners and stakeholders, serving as evidence of our compliance with the universally-acknowledged information security benchmark.
Moreover, it pertains to guaranteeing that our organization implements information security policies, controls and practices at the highest level, thereby earning the trust of our customers and partners!
So what exactly was audited
You might be curious about what exactly gets evaluated to achieve SOC 2 compliance. Our audit covered three essential Trust Services Criteria, namely Security, Availability, and Confidentiality. Numerous internal verifications were conducted to ensure the proper implementation and effectiveness of all aspects.
Scytale assisted in customizing controls to fit Honeydew’s infrastructure, software, processes, personnel and data. This involved implementing controls pertaining to:
- Remote onboarding/offboarding of employees
- Cloud infrastructure security
- Information security risk management
- User access review
- Multi-factor authentication
- User access review
- Threat detection
- Change management procedures
- Asset management
- Data encryption
- Secure development and more
What comes next?
Once an organization is SOC 2 compliant, it does not end there. This is not a once-off project and here at Honeydew, we will continue to maintain our compliance, monitor our security systems and update all necessary policies and procedures.
Honeydew will remain committed to continuous review of information security, supplying top-notch data security and compliance to our customers
