We take data security seriously at ShareForce. As a trusted Software as a Service (SaaS) provider for incentive plan management, we continuously aim to meet and exceed industry standards and client expectations for security controls. And today, we’re excited to announce that ShareForce is now compliant with the SOC 2 Type II standard for security, availability, and confidentiality.
What is SOC 2 compliance?
SOC 2 is considered the gold standard for security compliance for SaaS companies, and being compliant means that an independent auditor conducted an audit of ShareForce’s servers and systems based on standards set by the American Institute of CPAs (AICPA) and deems that ShareForce follows top-rated security practices that safeguard our clients’ data.
What are SOC 2 audits?
A SOC 2 audit reviews the controls in place for protecting client information and data. The audit report is comprised of 3 main assessment criteria:
- Security: refers to the protection of the system against unauthorised access.
- Availability: refers to the accessibility of the system as stipulated by a service level agreement (SLA).
- Confidentiality: refers to the system’s restrictions for specific data access.
In order to meet SOC 2 audit requirements, the above criteria are examined for all components, including ShareForce’s infrastructure, software, people, procedures, and data. These controls define our information security program and our compliance with SOC 2 as a whole.
Why does SOC 2 compliance matter?
The SOC 2 Type I audit confirmed that our system is designed to keep our clients’ sensitive data secure. Passing the SOC 2 Type II audit means that ShareForce has consistently maintained processes and practices that meet the required levels of monitoring so that we can proactively identify and address any unusual activity, from our technical procedures to general business operations. Security is considered central to everything that we do.
What’s next for compliance at ShareForce
Part of our ongoing dedication to data security, availability, and confidentiality is our commitment to consistently and critically review how we collect, manage, and secure client data. To continue meeting the SOC 2 standards, ShareForce will continue to obtain periodic SOC 2 Type II reports with the assistance of our partner Scytale’s professional SOC 2 advice and technology.