
Kovai.co certified with Global SOC2 Type 2 compliance; proves its commitment to secure client data and software security


We at Kovai.co are officially SOC2 Type 2 compliant. SOC2 Type 2 compliance is the gold standard for data privacy protection in the tech industry. This is a significant security milestone demonstrating the extent of our internal security controls.

What does SOC 2 Type 2 compliance mean?

SOC 2 Type 2 is a compliance certification issued by the American Institute of Certified Public Accountants (AICPA) to companies that meet its meticulous security standards. This certification is one more step we have taken towards assuring our customers of our internal security controls to protect the privacy of their data.

The process involves an audit where an external auditing agency evaluates our security controls. The auditors evaluated how adept we were at handling sensitive data encryption, risk analysis, implementing access rules, and other tasks.

Why do we need SOC 2 compliance?

Being a fast-growing SaaS company, we decided to get certified as SOC 2 Type 2 compliant because it gives many customers, who often deal with sensitive and private information, peace of mind that their information is safe with us.

Our customers across our three flagship products (BizTalk360, Serverless360, and Document360) and our newest product, Churn360, come from all verticals, including banking, data security, technology, healthcare, education, research, and consulting, to name a few.

We decided to get certified on how adequate our security controls are in protecting their information, how fast their information can be up and available again in the case of an attack, and the mechanisms we have to investigate such an attack.

Why is it important for customers?

Hacking incidents involving data theft, tampering, and eavesdropping, among others, are growing. The lack of strict security protocols in any of their vendors, including us, can cost them money, their reputation, clients, trust, and the brand image that they have worked so hard to cultivate. The compliance process led us to address cybersecurity requirements before they became an issue.

This demonstrates how seriously we take the security of data that belongs to our customers and their clients.

How did we achieve SOC 2 compliance?

We defined 27 policies and procedures across our internal departments (IT (Information Technology), Administration, People & Culture, and Information Security), addressing 114 control requirements. We had dedicated process owners from the above teams to work on implementing the required controls.

We had to face three assessments:

1. SOC2 Readiness Assessment – Definition of controls applicable to our business.
2. SOC2 Type 1 Assessment – Audit on the design of the controls.
3. SOC2 Type 2 Assessment – Audit on the operational effectiveness of the controls.

On top of the audit, we also engaged a third-party consulting company to ensure our policies adhere to industry standards and to bring out the best implementation practices within Kovai.co. We produced hundreds of pieces of evidence to meet the audit requirements. As a result of the audit, changes and improvements were made across all business units to improve the organization’s security posture. Additionally, every person within the company was provided with Information Security Awareness Training.

What does SOC2 Type 2 compliance test?

Security: The level to which processes can protect information against unauthorized access and disclosure. Organizations with secure controls can prevent the potential compromise of their data.

Availability: The level of accessibility clients have to information via client-facing applications. This does not address the functionality or usability of the system components but the ease of access to relevant systems.

Processing Integrity: The level at which the procedures in place deliver on our objectives, without errors in accuracy, authorization, and timeliness.

Confidentiality: The level to which confidentiality of information is maintained between collection and deletion from the infrastructure. Information is considered confidential if access and disclosure are restricted to defined parties.

Privacy: The level to which entities protect sensitive personal information during collection, retention, disclosure, and disposal.

Conclusion

We at Kovai.co have always been customer-obsessed in every aspect, making their satisfaction and trust in us our top priority. Now a growing number of companies have made SOC 2 Type 2 compliance a compulsory requirement among their vendors. This certification, we believe, will help further the trust in our brand among our existing and future customers.