Phyllo is now SOC 2 Compliant

Find out how Phyllo is setting the benchmark for the privacy and confidentiality of customer data through its SOC 2 compliance.

What is SOC 2?

SOC 2 is a set of standards devised by the American Institute of Certified Public Accountants (AICPA) for organizations that handle sensitive customer data. SOC stands for Service Organization Control, and SOC 2 specifically relates to security, availability, processing integrity, confidentiality, and privacy.

A third-party auditor issues the SOC 2 report and assesses whether an organization's systems and controls meet the requisite standards. It is increasingly becoming a standard for companies dealing with sensitive customer data and is often required by customers, partners, and regulators across industries.

Types of SOC 2

Type 1 Report

An assessment of the system and controls a company has set up, at a specific point in time, with regard to security, privacy, processing integrity, and confidentiality of data. It provides an initial assurance that this company has proper controls available to protect sensitive data.

Type 2 Report

This focuses on the operating effectiveness of the controls over a period of time. It provides a more comprehensive assessment of a company's security controls and is often required to safely handle sensitive information.

Features of Phyllo’s SOC 2 compliance

As Phyllo builds the underlying infrastructure that connects companies to data from 20+ creator platforms, we must have the right tooling to handle this data. Here’s how SOC 2 compliance will play a key role in this:

Enhanced Security

With robust controls to protect sensitive and confidential information, we help reduce the risk of data breaches, unauthorized access, and unwarranted security incidents.

Increased Trust and Credibility

The SOC 2 certification demonstrates to our customers, partners, and other stakeholders that we take security, data protection, and legal compliance seriously. 

Improved Risk Management

As SOC 2 compliance required us to identify and assess potential risks to our systems and data, we are now better equipped to mitigate and respond to potential threats.

Continuous Improvement

Regular audits are required to maintain the SOC 2 certification, thereby guaranteeing that we will continue to stay updated with security best practices.

Better Incident Response

With this compliance, we have incident response plans that can help minimize the impact of security incidents.

At Phyllo, we understand the importance of data security and privacy, and we are dedicated to ensuring that our customers' information is protected. Our SOC 2 compliance means that we have established the necessary security controls and processes to protect customer data.

Achieving SOC 2 compliance is just one of the many steps we are taking to ensure the security and privacy of our customers' data. We will continue to evaluate and enhance our security controls and processes to ensure that we meet our customers' ever-evolving security and privacy needs.