Phyllo is now SOC 2 Type 1 Compliant

Find out how Phyllo is setting the benchmark for the privacy and confidentiality of customer data through its SOC 2 Type 1 compliance.

What is SOC2?

SOC 2 is a set of standards devised by the American Institute of Certified Public Accountants (AICPA) for organizations that handle sensitive customer data. SOC stands for Service Organization Control, and SOC 2 specifically relates to security, availability, processing integrity, confidentiality, and privacy.

The SOC 2 report is issued by a third-party auditor and assesses whether an organization's systems and controls meet the requisite standards. It is increasingly becoming a standard for companies dealing with sensitive customer data and is often required by customers, partners, and regulators across industries.

Types of SOC2

Type 1 Report

An assessment of the system and controls a company has set up, at a specific point in time, with regard to security, privacy, processing integrity and confidentiality of data. It provides an initial assurance that this company has proper controls available to protect sensitive data.

Type 2 Report

This focuses on the operating effectiveness of the controls over a period of time. It provides a more comprehensive assessment of a company's security controls and is often required for the safe handling of sensitive information.

Features of Phyllo’s SOC2 compliance

As Phyllo builds the underlying infrastructure that connects companies to data from 20+ creator platforms, it is essential that we are equipped with the right tooling to handle this data. Here’s how the SOC 2 compliance will play a key role in this:

Enhanced Security

With robust controls to protect sensitive and confidential information, we help reduce the risk of data breaches, unauthorized access, and unwarranted security incidents.

Increased Trust and Credibility

The SOC 2 certification demonstrates to our customers, partners, and other stakeholders that we take security, data protection and legal compliance seriously.

Improved Risk Management

As the SOC 2 compliance required us to identify and assess potential risks to our systems and data, we are now better equipped to mitigate these risks and respond to potential threats.

Continuous Improvement

Regular audits are required to maintain the SOC 2 certification, thereby guaranteeing that we will continue to stay updated with security best practices.

Better Incident Response

With this compliance, we have incident response plans in place that can help minimize the impact of security incidents.

At Phyllo, we understand the importance of data security and privacy, and we are dedicated to ensuring that our customers' information is protected. Our SOC2 Type 1 compliance means that we have put in place the necessary security controls and processes to protect customer data, as we work on the Type 2 compliance to solidify customer trust.

Achieving SOC2 Type 1 compliance is just one of the many steps we are taking to ensure the security and privacy of our customers' data. We will continue to evaluate and enhance our security controls and processes to ensure that we meet the ever-evolving security and privacy needs of our customers.

Trust in Phyllo as we gear up for our journey into SOC 2 Type 2 compliance