Invevo is committed to data security by being SOC 2 compliant
Invevo is committed to building trust with all customers and we are constantly working toward aligning data privacy practices with the latest certifications and accreditations.
Today, we’re happy to announce Invevo is now SOC 2 compliant for Type I and working towards Type II. This aims to reassure all customers that their valuable data is always safe and protected.
Service Organization Control 2 (SOC 2) is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. SOC 2 is a technical auditing process and certification that measures security and availability and serves as an assurance to customers that their data is being managed in a controlled and audited environment.
When a business is SOC 2 compliant, it signifies they implement proper security systems to ensure security, availability, processing integrity, confidentiality, and privacy of customer data.
SOC 2 compliance is essential for technology-based service organizations that store customer data in the cloud. This makes it applicable to most SaaS businesses, and any business that relies on the cloud to store its customers’ information.
There are two types of SOC 2 audits:
Invevo became SOC 2 Type I compliant on October 31st, 2022.
The SOC 2 certification is awarded to businesses by outside auditors upon assessing the extent to which they comply with one or more of these five trust principles:
The security principle refers to the protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of the software, and improper alteration or disclosure of information.
The availability principle checks the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA). It involves security-related criteria that may affect availability. Monitoring network performance and availability, site failover, and security incident handling are critical in this context.
The processing integrity principle addresses whether a system achieves its purpose, i.e., delivers the right data at the right price at the right time. The data processing must be complete, valid, accurate, timely, and authorised.
However, processing integrity doesn’t only imply data integrity; it also includes the monitoring of data processing, along with quality assurance procedures.
Information that is designated as confidential should be protected according to the User Entity’s needs. Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organisations.
The confidentiality principle includes encryption, which is an important control for protecting confidentiality during transmission. Network and application firewalls, along with rigorous access controls, can be used to safeguard information being processed or stored on computer systems.
The privacy principle addresses the system’s collection, use, retention, disclosure, and disposal of personal information in conformity with an organisation’s privacy notice, as well as with criteria determined by the AICPA’s Generally Accepted Privacy Principles (GAPP).
It includes protecting personally identifiable information (PII) from unauthorised access. Personal data related to health, race, sexuality, and religion is also considered sensitive and generally requires an extra level of protection.
Meeting SOC 2 compliance means establishing processes and practices that guarantee oversight across a company, assuring customers that their data is protected from any unusual, unauthorised, or suspicious activity.
To meet SOC 2 requirements, a business needs to receive alerts whenever unauthorised access to customer data occurs. SOC 2 compliant companies are required to set up alerts for:
Having a SOC 2 badge on the Invevo website represents our dedication to keeping customer information private and secure. Invevo understands the need for customers to feel safe about their data, which is why we are thrilled to feature this badge:
Invevo's CTO, Jamie Wroe, elaborates:
As a company, we’ve always tried to live up to the highest standards. We care about security and treat it with high priority. The SOC audit was, first of all, a benchmark we wanted to use to validate our efforts in the security area. We’re proud the approach we took naturally led us to this well-respected certification.
SOC 2 compliance is a testament to Invevo's devotion to customer data security and privacy. Invevo not only empowers back offices to automate their accounts receivable processes, but also constantly works to keep customer data secure.