Data security is a must-have when working with any external supplier. While it’s not usually front page news, it’s important.

With IT spending set to reach $3.9 trillion in 2021, tech execs have to make sure suppliers follow security standards, the same way they ensure proper measures internally.

As a commitment to our customers’ security, we pursued our SOC 2 Type 2 certification and are excited to announce that we successfully completed our audit. 

We understand that this past year was a major adjustment for many organizations. We want you to have full confidence in the security of critical data stored across your contracts.

Read on to learn more about what SOC 2 is and why we made compliance a priority.

Accreditation that matters most 

Service Organizations Control, SOC, is a set of standards developed by the AICPA to help organizations that provide services to other companies build trust and confidence in the service performed and the controls related to that service.

A SOC 2 report ensures that organizations that collect, store, and process customer information are meeting at least one of the five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. 

The audit is conducted by an external auditor, and a company can seek two types of reports:

  • SOC 2 Type 1: This report examines what processes and controls an organization has put in place for maintaining one trusted principle 
  • SOC 2 Type 2: This report examines the same thing but over an extended period

While the Type 1 report helps show compliance, the Type 2 report is one of the highest security standards that companies can seek to protect customer data.

We invested significant time and resources into the Type 2 report to ensure we’re using the best data security and control practices for our customers’ information.

Choosing vendors that follow industry standards 

We’re on a mission to change the way you buy and renew SaaS. At Vendr, we realize this can only happen if you trust us with your SaaS contracts. Contracts store sensitive information like employee names, billing information, payment terms, legal preferences, and more. 

Your data is paramount to us. We want to give you time back in your day and eliminate stress when it comes to buying software — we want you to be stress-free about the information you share with us, knowing it’s safe. 

Over the past few months, we’ve taken steps to ensure that company-owned devices are encrypted and equipped with remote device wiping. We also use single sign-on (SSO).

Building on our commitment to our customers, the SOC 2 Type 2 certification will make security and data privacy a continued priority for us year over year. 

The official audit report provides a thorough review of our internal controls, policies, and processes for how we store your data. It also reviews risk management, supplier due diligence, and our entire IT infrastructure. 

We are proud that our SOC 2 report has shown that we have the appropriate controls to mitigate risks for our customers.

If you use third-party software to help with any part of your business, ask about the vendor's security measures. Be aware of what they include in their terms of service, privacy policy, and recovery process. Security can feel like a low priority until it suddenly isn't — a scenario we all hope to avoid.
