Docsumo got SOC-2 Type-1 audited in Sept 2021. 6 months down the line, we're happy to announce that we are now SOC-2 Type-2 certified as well. Let's have a look at what it means for our customers:-
SOC-2 Certification (System and Organization Controls 2) tells customers how well a company protects data and safeguards their privacy. Companies that use Cloud frameworks for data migration and storage have an SOC-2 Certification since they work with third party vendors.
When providing services to clients, SOC-2 Certification ensures there are audit controls in place which assures customers that you take the necessary steps to mitigate various cyber security risks. Additionally, it is considered an industry standard certification for businesses since it attests their trustworthiness and credibility of organizations. It proves to clients that their services are risk-free and do not face problems when working with outsourced software solutions.
SOC-2 Certifications helps organizations comply with regulatory standards such as ISO 9001, ISO 4001, OHSAS, and others, thus letting customers trust vendors in storing and ensuring the privacy of their critical documents.
An SOC-2 Certification application is approved only when an organization can meet the five core principles of document processing and security. These are:
The product, process, or service must be available in accordance to service level agreements made between the client and vendor. Auditors test the reliability and efficiency of networks when factoring availability of services in the face of security incidents and threats.
The principle of confidentiality states that data exclusive to employees or clients must not be shared online when stored on the platform. This can include intellectual property assets, financial information, and personal data of employees in organizations. Auditors generally test network firewalls and security access controls when testing confidentiality during internal audits.
Integrity of Storage describes if a platform is well-protected and performs as expected. The processing of data must be secure, timely, complete, and reliable – with storage practices being licensed and well-responsive.
The principle of privacy follows the set of guidelines laid down by the AICPA to protect and secure personally identifiable information (PII) used to differentiate and identify users online. Data covered by this include medical data, financial details, social security numbers, names, addresses, etc, and are associated with the Generally Accepted Principles of Privacy (GAPP)
Security ensures that defensive measures are in place to handle various cyber security threats. The data shouldn’t be prone to interceptions, unauthorized usage, deletion, or any modifications. Auditors review Web Application Firewalls (WAFs), network encryption, intrusion detection tools, and software processes which are used for mitigating external threats.
SOC-2 Compliance Certification is used to protect the interests of customers and validate security processes, thus ensuring that personal information is kept safe and its integrity well-maintained. Docsumo’s SOC-2 Compliance Certification lets customers rest assured about the quality of our services and guarantees data security:-
You don’t have to worry about data privacy or security since SOC-2 compliance certification ensures that our processes have been thoroughly audited. Our platform follows the principles of availability, integrity, confidentiality, privacy, and security when storing data online. All the data kept is accessible by only you and nobody else.
The collected data is not used by the platform in any way and imported documents are used for generated parsed content for clients.
SOC-2 Compliance Certification assures that our systems are capable of sending you when processing documents.You get alerts sent to you about data access, file transfers, and any modifications made to files, thus assuring complete data integrity. It also makes it convenient to review missing information and the system flags errors, on the rare occasions they do pop up. You basically stay in the loop and don’t have to worry about overlooking details related to document processing.
Customers worry about their data getting intercepted by malicious threats online and have concerns about risk mitigation. The SOC-2 certification implies that we have tools and resources dedicated to monitoring and mitigating suspicious activities within and beyond our company networks. This makes data less susceptible to phishing scams, zero-day attacks, and any malicious events that occur on the Cloud.
We store your data in accordance with the European General Data Protection Regulation (GDPR) and Data Protection Act 1998. This helps us provide you with the best customer services and you don’t have to worry about facing any class action lawsuits uploading data on the platform. The data processed through us is only used for the purpose of improving our products and services so that you get the best possible customer experience.
.png)
