SOC 2 Type II compliance with airSlate
SOC 2 Type II is a report of a company’s internal controls designed to promote the security and welfare of an organization.
SOC stands for System Organization Control and was created in 2011 by the American Institute of Certified Public Accountants (AICPA) as a standard for performing audits on cloud service providers. There are three types of reports: SOC 1, SOC 2, and SOC 3. Each one is specific to the needs of the user.
SOC 2 is a non-financial report that tests and describes controls that a vendor has relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. This report is intended to meet the needs of customers that look for detailed information and assurance about the controls that their vendor has relevant to the security, availability, and processing integrity of the systems the vendor uses to process user data along with preserving the confidentiality and privacy of the information processed by these systems.
There are two levels of SOC reports. Type I is an attestation at a specific point in time, while a Type II attestation covers a specific period of time (usually a year) and validates the operating effectiveness of a vendor’s controls throughout this period.
airSlate undergoes an annual SOC 2 Type II audit that is performed by a third-party Certified Public Accountant (CPA). We can provide the latest available SSAE 18 SOC 2 Type II report upon request. Our report illustrates in detail how airSlate meets or exceeds industry standards with regard to the principles of data security.
Our SOC 2 report describes airSlate’s controls with regard to topics such as Network Security, privileged access to systems, Firewall protection, Virtual Private Networks (VPN), Code Development LifeCycle, Encryption Protocols, and Classification and Segregation of Data and Systems. It also covers topics such as Data backups and retention, incident breaches and response policies, and internal and external vulnerability assessments and penetration testing. Other topics covered include Vendor Management and due diligence, HR policies, Management and Legal teams oversight, and much more.
Our customers store their data and files inside of our applications, which are hosted on the AWS (Amazon Web Services) cloud. Amazon is the gold standard in the public cloud industry and is responsible for the physical security of all servers and data residing in their data centers. Amazon maintains its own SOC 2 Type 2 attestation along with ISO/IEC 27001, PCI DSS, and FedRAMP authorization. Furthermore, AWS has instituted assurance programs that provide templates and control mappings to help establish the compliance of environments running on AWS against 20+ standards. AWS is also compliant with the EU’s GDPR regulation on data privacy protection. The AWS Data Processing Agreement incorporates Article 29’s Working Party Model Clauses. Please find more information about AWS, our cloud hosting provider, here.
airSlate uses the Secure Hash Algorithm at 256 bits (SHA-256) for data protection at rest and in transit. Two-factor authentication prevents unauthorized access to data and systems caused by security breaches.
By taking advantage of airSlate’s SOC 2 certified solutions and AWS’s world-class hosting services, our customers inherit our robust controls, reduce the volume and cost of their own operational security audits, and satisfy their own vendor’s due diligence obligations.