Here's a question with a very obvious answer: how important is data security for your organization's success?
If you answered with "critical", "monumental", or other synonyms for "very, very important", you're spot on.
But once you’re past acknowledging the basic requirement for enterprise-grade security, you may not know how to best measure your vendor's commitment to protecting your data.
As an enterprise performance management platform, we understand the challenges businesses face when managing their data and strive to ensure that their information is kept safe and secure.
That’s why it’s so significant for us to share that we’ve recently obtained our SOC 2, Type 2 and SOC 3 final reports. In simple terms, this means we guarantee enterprise-level data security and adhere to the AICPA SOC 2 standards for secure services, in addition to our existing SOC 1, Type 1 compliance.
This important milestone in our efforts to bring top-class security to our customers means we’re able to justify and maintain the deep sense of trust our customers have in our handling of their data.
Read on for a brief overview of our latest achievement and other security measures at Pigment.
What is the SOC 2 Type 2 report?
The Service Organization Control (SOC) 2, Type 2 report is a comprehensive audit of the controls protecting an organization's data and systems, issued by an independent third party.
It provides detailed information about security measures like encryption, access control, physical safeguards, network protection and monitoring, identity management and more. It also covers how these measures are monitored and maintained over time to ensure they remain effective.
In addition to assessing an organization's technology environment, the report will make sure that procedures are in place to protect any personal or sensitive customer data that could be stored within it.
The scope of the report goes beyond just a one-time assessment — it requires software vendors to run regular checks and tests on their systems in order to maintain compliance. The goal is always to ensure sustained and fully transparent security protocols.
What are the implications of Pigment obtaining the SOC 2, Type 2 report?
Obtaining a SOC 2, Type 2 report provides organizations with a way to demonstrate their dedication to protecting sensitive data, safeguarding their systems, and better serving their customers.
At Pigment, we use the report to demonstrate to potential and existing customers that we are fully committed to sound security practices. The evidence of compliance with security standards that the report provides can also ease the procurement process, as our customers’ security teams trust this widely recognized industry standard.
We’ve also obtained our SOC 1, Type 1 and SOC 3 reports — demonstrating our consistent dedication to complying with security standards through our experience as an EPM leader.
Our SOC 1, Type 1 report, which audits our internal safety practices, in turn assists with the auditing of our financial statements.
The process of obtaining each of these reports requires us to take a deep dive into our IT infrastructure and processes, enabling us to identify and correct any weaknesses in our security systems proactively.
All of these benefits help us operate securely, while providing our customers with peace of mind about their data safety.
What are some other ways Pigment protects customer data?
We are committed to protecting the personal information of our customers and believe that doing so is not only a legal obligation, but also an ethical one.
To ensure the safety and security of our customers' personal information, we have implemented a range of technical and organizational measures.
We conduct regular security audits to identify and address vulnerabilities, encrypt personal data at rest and in transit to protect it from unauthorized access, and restrict access to sensitive information to authorized personnel only.
We also comply with all applicable laws and regulations related to data protection, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We continuously review and update our security measures to adapt to new threats and ensure that our customers' personal information is always protected.
In case of any potential security breaches, we have a robust incident response plan in place to handle the situation and we promptly notify our customers and relevant authorities. We also provide our customers with all necessary information to help them understand the situation and take appropriate action.
We employ strict access controls and regular employee training to ensure that our employees are aware of the importance of data security and are able to identify and prevent potential threats.
Overall, we take a proactive approach to security and are dedicated to protecting our customers' personal information at all times. We are continuously reviewing and updating our security measures to ensure that we stay ahead of potential threats and provide our customers with the highest level of security.
Learn more about our security measures on our security page.