Your data is one of your most valuable assets, and it’s also prone to internal and external threats. When it comes to whistleblowing, highly sensitive information, data and files are exchanged across your organization and sometimes third parties. That’s why making sure we can provide the best security standards to our clients is one of our top priorities.
Through security enhancement features, certifications, and compliance with local security requirements (such as the GDPR in Europe, the Privacy Shield in the United States, or the PIPL in China), our goal is to provide a platform that is safe by design.
What does it mean for an organization to select a vendor with a SOC 2 certification?
Being SOC 2 certified means that external auditors assess the extent to which an organization complies with one or more of the Five Trust Principles: privacy, security, confidentiality, availability, and processing integrity.
By selecting a SOC 2-certified vendor, you have proof that your data is protected, and that a proven process is in place to ensure excellence in data privacy and security.
The five trust principles
With a platform compliant with each of these principles, Whispli guarantees the protection of your data against internal and external threats.
Whispli is now SOC 2 certified. We are committed to continuous improvement regarding information security in order to offer the most secure whistleblowing system you can find.
In the past few years, Service Organization Control 2 (SOC 2) has become the gold standard of information security certifications worldwide. The security, privacy, and confidentiality practices guaranteed by the SOC 2 framework limit exposure and minimize cyber risks and security breaches.
From the making of a report through the investigation procedures, a lot of sensitive data is exchanged and stored within your whistleblowing platform. That's why large companies, especially in regulated industries like healthcare and finance, increasingly require SOC 2 certifications from their vendors. When choosing a whistleblowing solution, trust in the ability to ensure the security of the information exchanged is paramount.
What type of SOC certification an organization should get depends on the services provided.
The objective of a SOC 2 certification is to help employees standardize the right policies and procedures to successfully reduce risk and regularly practice activities needed for compliance.
It’s not a tick-the-box exercise for an audit, but a framework to standardize processes, scale operations, and prioritize security, availability, processing integrity, confidentiality, and privacy. By providing a roadmap for day-to-day operations, organizations can ingrain a strong security culture and build trust with end users.
In order to ensure long-term compliance based on security as a company value, the SOC 2 certification is divided into two types:
It is important to note that a SOC 2 certification is not a mandatory process.
Whispli voluntarily went through this certification because the SOC 2 report is now the international gold standard for data security and governance. With it, Whispli can ensure enterprise-level security and compliance by being aligned with AICPA’s trust service principles and criteria for managing Security, Availability, and Confidentiality.
Meeting SOC 2 compliance demonstrates the commitment of an organization to protect its customers’ data and information, ensuring that they can feel safe about their integrity and privacy. Whispli places the utmost importance on this trust and we are thrilled to feature this badge amongst our other commitments:
Our commitment to security doesn’t end here. Regular audits will be conducted to maintain our level of compliance with AICPA’s principles and standards.
After completing the first six months under security controls, our SOC 2 Type 2 certification will be complete.
Far from a tick-the-box exercise, we are confident in our ability to maintain the highest level of data security, based on our company values placing trust and security above all.