Security at PK4: Certified and Compliant with SOC 2 Type II Standards

Security at PK4 is something that we have always paid a great deal of attention to. PK4 recently received its SOC 2 Type II compliance certification. Software as a Service (SaaS) enables organizations to access powerful software solutions very easily. However, with crucial business operations and customer data on SaaS software, security is an important factor. While PK4 TimeTracker data is always on Salesforce’s secure platform, it was important for customers that our data handling and procedures were also secure. Our SOC 2 Type II certification achieves that.
SOC 2 is one of the most prominent and trusted auditing procedures for service providers, establishing the level of trust when selecting a SaaS provider. With our recent SOC 2 audit, we can assure customers that their information is safe and available when needed.
What does SOC 2 mean?
SOC 2 is a voluntary compliance standard for technology companies with cloud-based software products. It specifies how an organization should manage and secure customer data. Originating from the American Institute of CPAs (AICPA), SOC 2 is not just a certification; it’s a rigorous framework that scrutinizes an organization’s approach to handling data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
The SOC 2 Type II certification is provided by an external auditor (the PK4 audit was conducted by Atom Audits) and covers in detail the practices and infrastructure used to ensure the security, availability, processing integrity, confidentiality, and privacy of all PK4 TimeTracker users.
The Two Types of SOC 2 Reports
SOC 2 reports are bifurcated into two different types, each of which serves a unique purpose.
- SOC 2 Type I focuses on the suitability of the design of controls at a specific point in time. You could think of it as a snapshot, capturing how well a company’s systems and processes are designed to meet the trust principles.
- SOC 2 Type II goes a step further, assessing the operational effectiveness of those controls over a period, typically covering a minimum of six months. It’s like a documentary, showcasing how well a company not only implements but also maintains these controls over time.
What does SOC 2 compliance mean for PK4?
As a data-based solution provider, we at PK4 understand the importance of data security and privacy. We have always maintained an unwavering commitment to safeguarding our customers’ data and information.
Achieving SOC 2 compliance is a milestone that demonstrates our commitment to security, compliance, and privacy. Our SOC 2 compliance isn’t just another checkbox. It means that as an organization we adhere to industry best practices when it comes to data security and governance.
The process for security at PK4 went through the SOC 2 checklist of security training for employees, baked-in MDM for all work devices, data collection for processes, data presentation for audit and the compliance audit. At PK4, we used the Sprinto Continuous Security and Compliance Platform to organize and track our compliance program from end-to-end. This is an automated, online platform to continuously monitor our internal processes against the highest possible standards. We have real-time visibility across our organization to ensure the end-to-end security and compliance posture of our systems.
What gets evaluated in a SOC 2 audit?

The SOC 2 audit covers in detail the practices and infrastructure used to ensure the security, availability, processing integrity, confidentiality, and privacy of all PK4 users. Our auditor checked our procedures, employee training and processes. The PK4 SOC 2 Type II compliance audit checked our processes and procedures for Availability, Confidentiality and Security.
Over the past several months, PK4 has worked closely to ensure these areas of our organization met compliance requirements:
- Continuous security control monitoring
- Network and application layer penetration tests
- Automated data security and vulnerability checks
- Training and processes for data security and customer information security for all employees
What’s next?
We understand that achieving SOC 2 compliance is an ongoing commitment and not a one-time achievement, which is why we have decided to renew our SOC 2 report annually. And that’s not all. We are constantly finding ways to refine our processes and procedures and our training for employees, all with the goal of ensuring the highest standards of protection and privacy for our customers’ data. We hope that this update on security at PK4 helps you and your IT team rest easy knowing that all your data in PK4 is safe and secure.
