Whispli's Blog

SOC2 Certification: your Whistleblowing System Compliant with the Highest Data Security Requirements

Written by Marinette Monaton | Nov 15, 2022 11:11:31 AM

Committed to the highest standards of data security: Whispli is SOC 2 certified

Your data is one of your most valuable assets, and it is also exposed to internal and external threats. When it comes to whistleblowing, highly sensitive information, data and files are exchanged across your organization and sometimes with third parties. That is why making sure we can provide the best security standards to our clients is one of our top priorities.

Through security enhancement features, certifications, and compliance with local security requirements (such as the GDPR in Europe, the Privacy Shield in the United States, or the PIPL in China), our goal is to provide a platform that is safe by design.


SOC 2 certified vendor: making sure your data is in good hands

What does it mean for an organization to select a vendor with a SOC 2 certification?

Being SOC 2 certified means that external auditors assess the extent to which an organization complies with one or more of the Five Trust Principles: privacy, security, confidentiality, availability, and processing integrity.

By selecting a SOC 2-certified vendor, you have proof that your data is protected, and that a proven process is in place to ensure excellence in data privacy and security.


The five trust principles

With a platform compliant with each of these principles, Whispli guarantees the protection of your data against internal and external threats.

Whispli is now SOC 2 certified. We are committed to continuous improvement regarding information security in order to offer the most secure whistleblowing system you can find.


What is the SOC 2 certification?

SOC 1, SOC 2, Type 1, and Type 2: what are the differences?

In the past few years, Service Organization Control 2 (SOC 2) has become the gold standard of information security certifications worldwide. The security, privacy, and confidentiality practices guaranteed by the SOC 2 framework limit exposure and minimize cyber risks and security breaches.

From the filing of a report through the investigation procedures, a lot of sensitive data is exchanged and stored within your whistleblowing platform. That is why large companies, especially in regulated industries like healthcare and finance, increasingly require SOC 2 certifications from their vendors. When choosing a whistleblowing solution, trust in the vendor's ability to ensure the security of the information exchanged is paramount.

What type of SOC certification an organization should get depends on the services provided.

  • SOC 1 → for service organizations whose services impact, or may impact, their clients’ financial reporting
  • SOC 2 → for service organizations that hold, store, or process their clients’ information, where that information is not significant to financial reporting (it would not affect the client's income statement or balance sheet)

The objective of a SOC 2 certification is to help employees standardize the right policies and procedures to successfully reduce risk and regularly practice activities needed for compliance.

It’s not a tick-the-box exercise for an audit, but a framework to standardize processes, scale operations, and prioritize security, availability, processing integrity, confidentiality, and privacy. By providing a roadmap for day-to-day operations, organizations can ingrain a strong security culture and build trust with end users.

In order to ensure long-term compliance based on security as a company value, the SOC 2 certification is divided into two types:

  • SOC 2 Type 1 → assesses the design of security processes at a specific point in time; it tests the design of your compliance program.
  • SOC 2 Type 2 → assesses how effective those controls are over time by observing operations for a period of between 6 and 12 months; it tests not only your compliance program but also the operating effectiveness of its controls over that period.


Why get SOC 2 certified?

A proactive process

It is important to note that a SOC 2 certification is not a mandatory process.

Whispli voluntarily went through this certification because the SOC 2 report is now the international gold standard for data security and governance. With it, Whispli can ensure enterprise-level security and compliance by being aligned with AICPA’s trust service principles and criteria for managing Security, Availability, and Confidentiality.

Meeting SOC 2 compliance demonstrates an organization's commitment to protecting its customers’ data and information, ensuring that customers can trust in the integrity and privacy of that data. Whispli places the utmost importance on this trust, and we are thrilled to feature this badge amongst our other commitments.


Next steps

SOC 2 Type 2 certification

Our commitment to security does not end here. Regular audits will be conducted to maintain our level of compliance with AICPA’s principles and standards.

Once we have completed the first six months operating under these security controls, our SOC 2 Type 2 certification will be complete.

Far from being a tick-the-box exercise, this is a commitment we are confident we can maintain: the highest level of data security, grounded in company values that place trust and security above all.