Phyllo is now SOC 2 Type 1 Compliant
Find out how Phyllo is setting the benchmark for the privacy and confidentiality of customer data through its SOC 2 Type 1 compliance
What is SOC 2?
SOC 2 is a set of standards devised by the American Institute of Certified Public Accountants (AICPA) for organizations that handle sensitive customer data. SOC stands for Service Organization Control, and SOC 2 specifically relates to security, availability, processing integrity, confidentiality, and privacy.
The SOC 2 report is issued by a third-party auditor and assesses whether an organization's systems and controls meet the requisite standards. It is increasingly becoming a standard for companies dealing with sensitive customer data and is often required by customers, partners, and regulators across industries.
Types of SOC 2
Type 1 Report
An assessment of the systems and controls a company has set up, at a specific point in time, with regard to the security, privacy, processing integrity and confidentiality of data. It provides initial assurance that the company has proper controls in place to protect sensitive data.
Type 2 Report
This focuses on the operating effectiveness of the controls over a period of time. It provides a more comprehensive assessment of a company's security controls and is often required for the safe handling of sensitive information.
Features of Phyllo’s SOC 2 compliance
As Phyllo builds the underlying infrastructure that connects companies to data from 20+ creator platforms, it is essential that we are equipped with the right tooling to handle this data. Here’s how the SOC 2 compliance will play a key role in this:
With robust controls to protect sensitive and confidential information, we help reduce the risk of data breaches, unauthorized access, and unwarranted security incidents
Increased Trust and Credibility
The SOC 2 certification demonstrates to our customers, partners, and other stakeholders that we take security, data protection and legal compliance seriously
Improved Risk Management
Because SOC 2 compliance required us to identify and assess potential risks to our systems and data, we are now better equipped to mitigate these risks and respond to potential threats
Regular audits are required to maintain the SOC 2 certification, thereby guaranteeing that we will continue to stay updated with security best practices
Better Incident Response
With this compliance, we have incident response plans in place that can help minimize the impact of security incidents
At Phyllo, we understand the importance of data security and privacy, and we are dedicated to ensuring that our customers' information is protected. Our SOC 2 Type 1 compliance means that we have put in place the necessary security controls and processes to protect customer data, as we work on the Type 2 compliance to solidify customer trust.
Achieving SOC 2 Type 1 compliance is just one of the many steps we are taking to ensure the security and privacy of our customers' data. We will continue to evaluate and enhance our security controls and processes to ensure that we meet the ever-evolving security and privacy needs of our customers.