Howdy everyone, it’s Phuc from Holistics’ Growth Team.
I’m super proud to announce that Holistics has recently obtained a SOC 2 Type II Attestation.
As a provider of business intelligence software, we understand the importance of maintaining the highest standards of security. You trust us to help your organizations make data-driven decisions, and we take this responsibility seriously!
SOC stands for “System and Organization Controls”, and is a framework governed by the American Institute of Certified Public Accountants (AICPA). It’s the leading industry standard when it comes to security compliance and the most commonly required and accepted way to demonstrate security when conducting business in the United States. SOC2 report assures customers, partners and investors that a business has a solid baseline of security and data protection guidelines in place.
There are also 02 types of SOC report: Type I and Type II.
- A SOC 2 Type I report is a point-in-time report - detailing the systems, tools, and strategies you have in place for keeping customer data secure at a single point in time.
- SOC 2 Type II report, on the other hand, measures and reports on the effectiveness of a vendor’s security controls over time (generally at least 06 months). To issue a Type II report, a CPA firm not only assesses the design and implementation of a vendor’s controls but also evaluates whether the controls were operating effectively over the entire audited period.
At Holistics, we chose to get a SOC 2 Type II report for two reasons:
- First, we’re committed to protecting our own networks and customer data so we can responsibly grow and remain competitive - and SOC2 offers a rigorous framework for us to do so.
- Second, we want to communicate our security practices to our customers in a more standardized and streamlined manner.
After meeting the prescribed security standards for several months and a rigorous review of our infrastructure, incident response plan, and internal policies, we’ve achieved our SOC 2 Report by partnering with Prescient Assurance, an independent auditor, and Vanta - the leading automated security platform - for continuous SOC2 compliance monitoring. We also went through thorough penetration tests, and vulnerability checks as part of this review.
Obtaining a SOC 2 Report is a critical step toward demonstrating the security of the platform for current and future customers.
If you’d like to see our SOC 2 Type II report, drop us a message.