With software supply chain attacks being a major trend highlighted in the 2022 Verizon Data Breach Investigations Report, Hoxhunt is proud to announce that we are compliant with the highest security standard: SOC 2 Type II.
Did you hear that distant thunder of applause? That’s the sound of everyone at Hoxhunt celebrating our SOC 2 Type II compliance for 2022. Achieving this milestone took over a year’s worth of hard work and dedication. And it comes on top of achieving SOC 2 compliance for four consecutive years with the same auditor.
You, the reader, probably have some questions. I, the blog post, have answers.
SOC it 2 me: What is SOC2?
SOC2 is an acronym that stands for Security Organization Control 2. Developed by the American Institute of CPAs (AICPA) for the purposes of ensuring data security quality, SOC 2 is an auditing measure that ensures that businesses can securely and appropriately manage user data. In layman’s terms, this means that our product, our website, our physical devices, and our communications therein, are watertight and protected against unauthorised access. In even broader terms, this means that we keep your data safe, secure, confidential, and private. Don’t take our word for it: SOC2 is a thorough process — conducted by an impartial, outside auditor — that ensures our customers’ data is in the best hands.
Now, we’re continuing our longstanding commitment to security and data protection with the addition of our SOC 2 Type II report, an internal controls report capturing how our company safeguards customer data worldwide and how well those controls are operating in daily use and in business.
How do you do, SOC2, Type II?
Not only are we fully SOC2 compliant, we’re also SOC2 Type II compliant. Hey now! That means we have undergone a rigorous 12-month audit. It goes deep. How deep, you ask? It goes into these five areas:
• Infrastructure: The hands-on physical things that handle Hoxhunt user data. Think networks, real-world devices like employee laptops and phones, and even our office facilities themselves.
• Software: Operating systems, web apps, and computer utilities that Hoxhunt uses to create, manage, and facilitate data and system processes.
• People: Yep! Even Hoxhunt employees are SOC2 Type II compliant. This means that all personnel involved in any sort of Hoxhunt user data processing undergo training, tests, monitoring, and security clearances.
• Data: The information (files, databases, transaction streams, and tables) you use or process within the service organisation is also SOC2 Type II compliant. Ain’t no leakin’ these.
• Procedures: How do data and files get from point A to point B? Procedures. We’ve made sure the way that we do things is compliant, from onboarding to off-boarding and all days in-between, no matter if they’re manual or automated.
Who did the audit?
AARC-360. The initial audit took a full calendar year to complete. Why is that, you may be asking? The report contains a “history” element that both shows and proves that we have maintained these high security standards over the course of a year. We’ve been fully SOC2 Type II compliant since 2019.
What happens now?
We’ve passed the SOC-2 Type II audit every year since 2019, with the same auditor, AARC-360, who are widely known to be diligent, precise, and thorough in their audits. We will continue to undergo yearly audits to ensure that we’re always fully compliant. These yearly audits are 3 months long.
As a cybersecurity company, security is in our DNA. Both data management and the protection of customer data are of utmost importance to us. Should an even more stringent and rigorous security compliance initiative arise, we will pursue completion of that, too. SOC2 Type II is currently the most intensive security compliance auditing process available to us, so we have pursued (and successfully completed) this process. We’ve completed this process without deviations and without issues every year it has been available for us to pursue.
This is more than just a checkbox for us. This is a commitment to excellence.