Deepgram has achieved the Service Organization Control (SOC) 2, Type I certification. What does that mean to our customers and prospects?
SOC 2 Type I certification means an independent auditor has examined our systems and processes and determined that we have best practices in place for securely managing data to protect the interests and privacy of our customers. We have been a trusted partner for many SaaS and Enterprise companies and this certification confirms our systems are using industry best practices for security, confidentiality, and privacy.
If you are engaged with any SaaS company, at a minimum they should meet SOC 2 Type I certification requirements to ensure their customer’s data is secure, available, and private.
SOC 2 has five main principles:
- Security – Best practices are implemented to prevent unauthorized access to a company’s systems.
- Availability – A company can meet its Service Level Agreements for accessibility.
- Confidentiality – The use, access, and protection of information as stipulated in customer contracts can be met.
- Process Integrity – The company and its systems can achieve their stated purpose.
- Privacy – The disclosure and disposal of data are in line with the privacy notice of the company and the generally accepted principles of the American Institute of CPAs.
We are not done yet, as we are also working towards our SOC 2 Type II certification or the gold standard.
Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles. Type II details the operational effectiveness of those systems. Just as it sounds, Type II certification is a long process that is the root canal of security and privacy auditing for SaaS companies, but we are ready.