We at ReMatter are pleased to share that we have recently completed our System and Organization Controls (SOC) 2 Type II audit. This report affirms our commitment to the security & availability of our customers’ operations.
What is SOC2?
The SOC 2 audit is one the highest recognized standards of information security compliance in the world. SOC 2 is an auditing standard maintained by the American Institute of CPAs (AICPA) to test an organization’s internal controls for security and privacy.
It’s an objective, third-party system that signals to your customers that they can trust your platform to handle their information in a secure way. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy.
More specifically, there are two types of SOC 2 reports. While Type I reports cover competency at a specific point in time, Type II reports cover competency over a sustained period of time. A Type II audit provides a higher level of rigor, but requires more investment in time and money. At ReMatter, we elected to undergo the Type II audit, as we believe the investment in the safety & security of our customer’s data is worth the investment.
Our Security Partners
Our SOC 2 Type 2 Audited Report is the auditor’s opinion on how our organization’s security controls meet the SOC 2 criteria.
We obtained our audited SOC 2 Report by partnering with Secureframe and Insight Assurance who respectively helped us prepare for and review our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of our business.
Thanks to a company-wide effort here at ReMatter, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which we are happy to share with you to prove to you that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. In fact, we can confidently say we go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance to the SOC 2 framework 24/7/365, not just during the audit window.
We believe the relationship with our customers must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust.
Looking Forward
SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program to ensure we keep supporting our customers’ needs.
Ready to modernize your recycling operations? Request a demo of ReMatter here or email us at sales@rematter.com
Note: SOC 2 is different from SOC 1, which focuses on an organization's financial statements and financial reporting. There is also SOC 3, which reports on the same information as SOC 2, but SOC 2 is a restricted use report and SOC 3 is a general use report meant for a broad audience
