People Data Labs Completes SOC 2 Compliance
July 20, 2021
Security and privacy are key focuses of our work here at People Data Labs (PDL). We have continuously placed a strong emphasis on our security and privacy practices, and today we are happy to announce that People Data Labs has successfully completed a SOC 2 Type I examination. This attestation is a key milestone in our ongoing commitment to maintaining industry-leading security and privacy practices, and we see it as an important way of reaffirming our promise to our users and customers that their data is protected.
What is SOC 2 Compliance?
SOC 2, or System and Organization Controls 2, is a voluntary attestation framework developed by the American Institute of CPAs (AICPA) for technology service providers and SaaS companies, designed to give customers assurance about the security and privacy of their data. A SOC 2 examination assesses an organization’s controls against the AICPA Trust Services Criteria, which are organized into five categories, often referred to as trust principles. Security is the only category that every SOC 2 report must cover; the other four are brought into scope according to the commitments the service organization makes to its customers:
Security: This refers to protection of system resources against unauthorized access. This is typically accomplished by the use of security tools such as firewalls, two-factor authentication, and intrusion detection methods. Access controls such as these are designed to help prevent potential system abuse, theft, misuse, and improper disclosure of information.
Availability: This refers to whether the infrastructure has the controls in place to meet the accessibility requirements detailed in a contract or service level agreement (SLA) between the service provider and its users. Availability criteria are focused on assessing the performance monitoring, disaster recovery, and incident handling protocols in place to meet the service provider’s availability requirements.
Confidentiality: This refers to the service provider’s ability to protect data that should be restricted only to a specified set of individuals or organizations. This encompasses any data that the service provider maintains or has access to. Key considerations for meeting confidentiality criteria include the proper use of encryption, firewalls and thorough access controls both internally and externally to the organization.
Processing Integrity: This addresses the correctness of any actions performed by the service provider’s systems, such as delivering the right data in the right place at the right time. Meeting the processing integrity criteria ensures the completeness, validity, accuracy, timeliness and authorization of all data processing. Organizations are assessed on their process monitoring and quality assurance practices with this principle.
Privacy: This deals with the service provider’s handling of personally identifiable information (PII) across its full lifecycle. It focuses on the provider’s collection, use, retention, disclosure, and disposal of PII and assesses whether that handling matches the provider’s privacy notice and commitments, including notice to and consent from data subjects. The protective controls examined here overlap with the Security and Confidentiality categories (encryption, access controls, and multi-factor authentication), but the Privacy criteria extend beyond them to how personal information is governed from the point it is collected to the point it is destroyed.
What does it take to get SOC 2 Compliance?
To obtain a SOC 2 report, an organization must demonstrate that it has controls in place that meet the Trust Services Criteria it has brought into scope. Furthermore, a SOC 2 examination looks beyond the organization itself at how it manages the vendors and third-party services (subservice organizations) it relies on, such as a cloud hosting provider. Those providers are either included in the examination or carved out of it; in the carve-out case the organization must show that it monitors them, for example by reviewing their own SOC reports, so that the entire end-to-end system adheres to the same standards.
SOC 2 reports are issued by independent CPA auditors using AICPA-developed standards, and they come in two types:
Type I: This report describes a vendor’s system and the design of its controls, and assesses whether that design is suitable to meet the relevant trust principles as of a specific point in time.
Type II: This report typically follows a Type I and examines the operating effectiveness of those controls. In particular, it includes a historical element that shows how the controls operated over a review period, commonly six to twelve months, with the auditors sampling evidence from across that period rather than taking a single snapshot.
Today at PDL, we have successfully completed our SOC 2 Type I examination, which enables us to begin working towards a Type II report.
Why Does SOC 2 Compliance Matter?
SOC 2 compliance is a standard known and respected across the technology service provider industry, and completing both Type I and Type II examinations requires a mature and sustained commitment to protecting customer data. A SOC 2 report assures customers and clients that the company they work with has the infrastructure, tools, and processes to protect their information from unauthorized access, both from within and from outside the organization. Additionally, an important requirement of SOC 2 compliance is having the necessary monitoring and alerting in place to detect malicious or unauthorized activity and other incidents, as well as documented incident response procedures for containing them and restoring normal operations afterwards. In short, SOC 2 compliance is about establishing trust and confidence in a provider’s ability to protect your data, and this is something that we at PDL continuously strive for.
Why We Decided to Pursue SOC 2 Accreditation
Successfully completing the SOC 2 Type I examination indicates that PDL has a system of controls and operational processes that meet an established standard for data privacy and security. It also marks the start of a six-month review period during which we must demonstrate that those controls operate effectively over time, a prerequisite for obtaining a SOC 2 Type II report.
At PDL, we have built a business around providing accurate and compliant data. As a result we believe that data security and privacy are core competencies of ours, and this is something that we take great pride in. In pursuing SOC 2 compliance, we want to ensure that our customers know that we have rigorous standards in place to safeguard and protect their data. Moving forward, as we continue to grow and expand our services and partners, we also want to provide confidence that all our partnerships and new services meet the same protection and privacy standards that we have set across our organization. This holistic dedication to security is critical to fulfilling our mission and is one important step forward on our journey to empowering developers with data and insights.