Compliance
SOC 2 Attestation
Assai adheres to the SOC 2 Attestation report (Type 2), assuring the highest standards of security and ensuring the confidentiality, integrity, and availability of the data that relies on our products.
What is SOC 2?
SOC 2 is the international standard for IT controls and processes, created by the American Institute of CPAs (Certified Public Accountants) to examine services provided by a service organization so that end users can assess and address the risk associated with an outsourced service. It is based on the following five Trust Service Categories:
- (S) Security: Also known as common criteria: protect data from unauthorized access.
- (A) Availability: Ensure data can be accessed when needed.
- (C) Confidentiality: Restrict unauthorized access to systems and data.
- (I) Processing integrity: Ensure that organizational systems process data accurately and reliably.
- (P) Privacy: Protect personal information.
SOC 2 adapts to the nature and needs of each organization; therefore, each organization can design controls that follow one or more principles of trust.
SOC 2 Type 1 vs SOC 2 Type 2
There are two types of SOC reports:
- Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles at a single point in time.
- Type II details the operational effectiveness of those systems over a certain period of time. In the case of Assai, we received a SOC 2 Type II Attestation report.
Why is SOC 2 so important?
SOC 2 is one of the most well-regarded standards followed by SaaS companies to prove their commitment to information security and, in this case, Assai's commitment to its role in securing the data in our products. Assai undergoes audits performed by professional external auditors (CPA), who prepare the SOC 2 Report on the suitability of the design and operating effectiveness of applicable controls based on the five trust categories in our products.