As an identity verification platform that handles sensitive data, we’ve always understood that data security is a foundation of our platform. And as online data security becomes increasingly important, we hold ourselves to relentlessly high standards when it comes to bringing trust and transparency into how we handle our customers’ data. Therefore, we’re proud to announce the completion of our SOC 2 Type II examination for security, availability, and confidentiality as a testament to the commitment we’ve made to security and privacy.
What is SOC 2 you ask? Good question!
The Service Organizational Control 2 (SOC 2) is recognized as a gold standard for data security and requires organizations to establish and follow strict information security policies and procedures. An accredited third-party annually audits and attests to an organization’s adherence to the policies and procedures. The SOC 2 Type II process takes 9 to 12 months and is significantly more rigorous than SOC 2 Type I as it requires a comprehensive audit of the established information security policies and procedures over a period of time.
We’ve implemented best practices from the start
We started working towards our SOC 2 from day one, implementing best practices in information security from the start. We achieved our Type I in May 2019 and immediately focused on Type II. Completing our SOC 2 Type II attestation was a natural by-product of our existing approach to security, as opposed to checking off a box.
As the best-in-class identity verification platform, Persona sits at the intersection between privacy, security, and compliance. In today’s current identity landscape, it’s more important than ever to protect sensitive information, and put a stop to the increasing cycle of fraud.
Other SaaS companies who handle sensitive data may complete SOC 2 Type II examinations, but you’ll find few, if any, who achieved both Type I and Type II attestations before raising a big funding round. This is a serious win for all of our customers, and is a testament to our commitment to creating the best-in-class identity verification platform on world-class infrastructure.
While SOC 2 is an important milestone in our efforts to be the most secure identity platform in the market, we understand that our work is never done. We’ll continue to implement industry-leading, information security practices and raise the bar on behalf of our customers.
Long-story short, we take security very seriously
Persona is also GDPR and CCPA compliant, in addition to being certified against the EU-US and Swiss-US Privacy Shield framework, further validating our secure data practices.
Customers can request the SOC 2 report by contacting us at firstname.lastname@example.org. The report documents how our information security practices and procedures meet the SOC 2 trust principles criteria for security, availability, and confidentiality.
You can also learn more on our Security Page.