Ensuring Data Security: Polytomic Receives its SOC 2 Type II Certification
Security at Polytomic has been a focus since day one. Today we are excited to share that we are furthering our commitment to it by becoming SOC 2 Type II certified. We’re proud of the signal this sends to our community that our platform is ready for enterprise-level use.
This certification is particularly important for us because of what we do. Polytomic syncs data between our customers' proprietary systems. We transfer confidential customer information across our network, so it’s essential that we handle it with the sensitivity it deserves. Passing a SOC 2 Type II audit demonstrates our adherence to the strictest security standards and ensures that we remain responsible stewards of this information.
What Is SOC 2 Type II?
System and Organization Controls (SOC) is a certification system created by the American Institute of CPAs through which auditors evaluate the security of a company’s data practices. Attaining this certification has become an important filter for doing business; about 82% of companies today look for privacy certifications before establishing business relationships.
We worked alongside BARR Advisory and Vanta to conduct the audit. Our security systems and processes were monitored for months to ensure compliance with the SOC 2 Type II standard. The audit is known for its comprehensiveness, which is why we are especially proud to have passed it.
A Closer Look at the SOC 2 Process
There are two types of SOC 2 audits: SOC 2 Type I and SOC 2 Type II. Type I assesses security practices at a specific point in time, while Type II evaluates them over a longer period of time. Type II audits are ultimately more rigorous because they usually run for a few months to ensure consistent compliance.
Our Type II audit lasted about four months, during which we were continuously monitored to ensure we were sticking to best security practices across our whole business: from HR procedures, to change management processes, to core infrastructure. For example, our auditor verified that we enforce the principle of least privilege when it comes to our employees' system access: employees may only access internal systems that are necessary for them to do their jobs, and no more.
Another example of an area examined by our auditor is how easily data can be recovered from our platform if something goes wrong. Our customers trust us to keep their data backed up and available, regardless of the circumstance. Passing this section of the SOC 2 Type II audit demonstrates that any information that has been shared with the platform is treated as a valued asset because it’s always actively protected from loss.
Why This Is Important
Successfully passing the SOC 2 Type II audit reinforces our commitment to security at Polytomic.
Many companies don’t go through this audit because of the capital and time investment it requires. Of the companies that pass it, many wait until they're larger to go through it. But we completed the audit early because of our belief in security and a boundless sense of responsibility towards our customers, present and future. They can rest assured that our company sits on a solid foundation.