At Passbase, we take security very seriously. That means we have built security directly into our products! We are constantly performing both internal and external audits and improving our security measures, as well as ensuring we remain up to certification standards.
We are SOC 2 Type II certified.
What is SOC 2?
SOC 2 is an auditing framework developed by the American Institute of Certified Professional Accountants (CPA) that outlines standards for handling customer data. SOC 2 has 5 service principles, which include:
- Security: Ensures the Passbase platform is secure against data breaches.
- Privacy: All information collected by Passbase must be in accordance with the privacy principles specified by the CPA.
- Availability: Ensures that Passbase is available for use and will be used according to the agreed to terms.
- Processing integrity: Ensures that Passbase's processing is complete, accurate, well-timed, and authorized.
- Confidentiality: Ensures that the information held by Passbase is kept confidential.
A SOC 2 report confirms that organizations have security procedures in place to protect the privacy of their users' data. SOC 2 Type II reporting assures Passbase users that our platform is secure against potential threats, that data is delivered accurately, and that all information is stored confidentially. SOC 2 is meant to give Passbase clients transparency around the security measures that we have in place to protect your users' data for your own reporting purposes and to build trust with your end users.
The report focuses on the following areas:
- Infrastructure: The physical and hardware components that support Passbase and allow us to deliver our services.
- Software: The operating software and programs that Passbase uses to facilitate data processing.
- People: The personnel involved in the management, security, governance, and operations at Passbase delivering services to our users.
- Data: The information processed within the Passbase platform.
- Procedures: The manual or automated procedures that Passbase has in place to ensure the platform is able to run day-to-day.
The auditing process takes several months and is an independent audit performed by a certified third-party auditor.
For more information, please see the CPA website here.