We're happy to announce that as of today FileInvite is SOC2 compliant. Meaning third party auditors have verified that we follow best practices with respect to security.
What is SOC2
SOC 2 is an auditing procedure that ensures service providers securely manage data - to protect the interests of their clients and the privacy of their clients' clients.
For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
The report was developed by the AICPA (American Institute of Chartered Professional Accountants), and it is specifically designed for service providers storing customer data in the cloud. That means SOC 2 applies to nearly every SaaS company, as well as any company that uses the cloud to store its customers’ information.
Before 2014, the AICPA stipulated cloud vendors only had to meet SOC 1 compliance requirements. Now, any company storing customer data in the cloud must meet SOC 2 requirements in order to minimize risk and exposure to that data.
In order to obtain compliance, a number of reports and measures were taken over a period of months:
Working through a Gap Analysis Report produced by a SOC2 auditing company.
Implementing policies and procedures with defined controls as to how FileInvite will comply with them.
Having SOC 2 compliance is recognition of our commitment to keeping client data secure.
We understand the importance of security and are excited to continue our compliance and certification journey across many global standards.