The security practices at Sitoo have been further recognized with the company achieving SOC 2 Type II compliance status, in accordance with American Institute of Certified Public Accountants (AICPA) standards.
The news comes back-to-back of Sitoo receiving the ISO 27001 certification in 2023 and is a further validation of the robust security and compliance principles in place at the company.
Magnus Sparf, Chief Information Security Officer at Sitoo, explains further: “The audit confirms that our information security practices, policies, procedures, and operations meet the SOC 2 standards for security and it’s an important step as we continue our expansion in the US.”
“We’re committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of our dedication to protecting our customers by regularly assessing and validating the protections and effective security practices we have in place.”
“Achieving the SOC2 standard with an unqualified opinion serves as third-party industry validation that we provide enterprise-level security for customer’s data stored within our system.”
SOC 2, or Service Organization Control 2, is a framework for managing and securing data that is relevant to technology and cloud computing organizations. It is a set of compliance standards developed by AICPA to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data.
SOC 2 certification is specifically designed for technology and cloud computing organizations that store customer information in the cloud. The certification is often sought after by Software as a Service (SaaS) providers, data centers, and other technology companies that handle sensitive customer information.
To obtain SOC 2 certification, a company must undergo a thorough audit process conducted by an independent third-party auditor. The audit assesses the company's policies, procedures, and technical controls to ensure they meet the criteria set by the AICPA.
Having SOC 2 certification can enhance a company's reputation and build trust with customers, as it demonstrates a commitment to safeguarding sensitive data. It is particularly important for businesses that handle customer data in the cloud, as it provides assurance that the appropriate security measures are in place.
Sitoo was audited by Prescient Assurance , a leader in security and compliance attestation for B2B, SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services which includes but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.
If you’d like to find out more about our security practices, we’d be more than happy to chat.
