SOC 2 Type I Report
Completing a SOC audit is a huge deal for SaaS start-ups like us. The output of a SOC audit – a SOC report – verifies the strength of our business and data security protocols and offers a competitive advantage by establishing credibility and trustworthiness as a service provider. Basically, our SOC report is valuable proof that we have our data – and our customer’s data – on lock.
Naturally, you may have some questions about our SOC audit and what it means for us. We’ve compiled some of these below.
What is a SOC audit?
System and Organization Controls (SOC) are internal control reports on the security of the services and protocols of a service organization.
Who runs a SOC audit?
A third-party auditor assesses controls and determines whether they encountered any failures. This allows prospective clients to feel confident that service providers operate in an ethical and compliant manner while simultaneously protecting the effectiveness of those controls.
Why did we choose a SOC 2 audit instead of a SOC 1 audit?
A SOC 1 report is for service organizations that impact or may impact their clients’ financial reporting. This does not apply to AgentSync, as our clients don’t rely on us as the basis of their financial reporting. So, we have our SOC 2 (which reports on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy).
Will we need another SOC audit?
Yes, SOC reports are roughly good for a year; at which point we reach out to be re-audited. Our Type 1, which demonstrates control effectiveness as of a given point in time, doesn’t need to be repeated yearly (as we would only do another Type 1 when the controls we initially set up need to be updated following major changes as we mature over time). In about six months or so, we’ll be audited for our SOC 2 Type II, in order to demonstrate control effectiveness throughout a designated control period.
Who can see our SOC audit?
Our SOC audit contains important information about our security controls, so we have strict guidelines over who can access the report. If you’re curious about whether you qualify to see our SOC report, reach out to your sales representative or customer success manager. If you’re not sure of your AE or CSM, shoot us an email to ask.