Document Crunch Secures SOC 2 Type II Certification, Reinforcing Commitment to Data Security and Compliance for Clients
By Adam Condron, Director of Customer Operations
We’re pleased to announce Document Crunch has successfully completed its first SOC2 Type II audit. You can now request this report from our new Trust Center.
What is SOC compliance?
It’s interesting how these reports came to be. SOC audits grew out of a need companies had decades ago to ensure their vendors could be trusted with highly sensitive business processes, such as payroll.
It’s difficult for a company to know the controls that every prospective vendor may have in place, so a certification process was born. An auditor checks the vendor’s controls, usually annually. The vendor can then provide the auditor’s report to its customers and prospects to show that an independent third-party attests to the fact that they’re following industry standard practices in their work for their customers.
Fast forward to the present day. SaaS companies address all manner of different business needs. Even small companies may subscribe to dozens of different SaaS vendors.
What does this mean to you?
There are different levels SOC compliance. SOC2 is designed for assessing cloud vendors like Document Crunch. Type II is the more rigorous of the SOC2 compliance standards. Type I only assesses that controls are in place at a point in time. Type II checks evidence that these controls are working effectively over a year. In our case, our first report covers a three-month audit review period, which is typical for a first-time SOC2 Type II report. This shorter audit review period allows for quicker course corrections if anything is amiss.
SOC2 Type II reports offer this same independent, third-party review of business controls working over a period of time, helping build trust between the vendor (that’s us) and you, our customer.
With our SOC2 Type II certification, you can be sure that we are following industry best practices for safeguarding your confidential information. These practices range from our comprehensive risk review program to technical controls on how your construction contract data is stored and transmitted.
Why was this important?
I’ve been very happy to lead this effort since joining Document Crunch in May of 2023, and everyone at Document Crunch has been a great help. My fellow Crunchers all understand the importance of this work. It’s not just about the certification or a checkbox.
The whole company has embraced this SOC2 work as an opportunity to improve, to tighten up our policies and procedures, to toughen our solution’s security, and generally to do the right thing.
We all want to make sure Document Crunch is a company you can trust. Our commitment to maintaining SOC2 Type II compliance is just one way we’re showing you that we are.