Engineering leader Justin Weber shares the importance of the SOC 2 certification in validating Crisp’s security practices and building trust with partners.
Because Crisp is a data platform, security is incredibly important to us. After all, it’s our job to ensure that when we work with retailers, distributors, and CPG brands, they can feel confident that their data is kept safe. To demonstrate our commitment to data security and validate our adherence to security protocols, we recently completed the SOC 2, Type II certification process and have become SOC 2 compliant.
What's SOC 2, and why do we need it?
Companies that work with technology vendors often have to consider security and trustworthiness, especially when choosing a data solution. When Crisp partners with retailers and distributors like UNFI, an important part of the evaluation process is to complete a security audit. As our data platform continues to expand, Crisp decided that the SOC 2 certification could not only provide assurance for these organizations, but also streamline the process on our side when working with new partners. Of course, it’s not just our data partners that evaluate us -- it’s also the many CPG brands that are mindful of security, data protection, and platform availability. Managed by the American Institute of CPAs (AICPA), the SOC 2 is designed for this purpose: to help companies validate that a vendor is trustworthy based on a standard set of guidelines.
To receive SOC 2, Type II certification, we completed a thorough audit with an independent third-party auditor, who evaluated our practices and procedures, including:
- Security: How we ensure that a client’s data is stored securely and the protocols we use to prevent unauthorized access
- Availability: How we make sure our service is continuously reliable, and how we prevent outages
- Confidentiality: How we protect confidential information, and how we store and protect any personal information, if applicable
Lessons learned from the audit process
Earning our SOC 2 certification required submitting thorough documentation on all of our various security protocols, processes, and internal company practices. This was time-consuming, but proved to be valuable and offered an important lesson: the more regularly you maintain documentation over time, the easier a process like the SOC 2 audit will be. Even if it takes a few extra moments at the time, you’ll thank yourself later if you’ve accurately captured important information as you go.
Another important part of the process was involving everyone at Crisp in our security program. After all, it’s up to our entire team here at Crisp to look out for our clients’ best interests and keep our company safe. A strong security program requires engaging everyone on the role they can play in looking out for potential threats and keeping data safe.
Security is never done
We’re proud of our SOC 2 certification, but the work is never truly complete. Here at Crisp, we’ll continually practice and evaluate our security processes and standards. For example, we undergo quarterly disaster recovery exercises, practice contingency planning, continually add new monitoring and logging into our system, use third-party penetration testing, and regularly audit our own work. We will also complete a new SOC 2 audit every year to renew our certification.