GivingData has just completed the audit process and been issued the Service Oriented Control (SOC) certification. The audit was conducted by a third party CPA firm. GivingData’s certification is the SOC 2 Type 2 which is defined by the American Institute for CPAs (AICPA), the certification’s governing body, as follows:
These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls. These reports can form an important part of stakeholders:
- Oversight of the organization
- Vendor management program
- Internal corporate governance and risk management processes
- Regulatory oversight
Having completed the audit process ensures GivingData operates in accordance with industry standards and best practices for professional services and technology product developers, providing trust and confidence in service delivery processes and controls. More information about the SOC 2 Type 2 report can be found on the AICPA website.