Security first: Our annual SOC 2 Type II audit is complete

We successfully completed our annual SOC 2 Type II audit for the third consecutive year!

Data security is critical, and SOC 2 is just one part of how we protect your data. 

SOC 2 is an auditing procedure that ensures service providers have proper data and privacy protections in place for sensitive data. Organizations that want to achieve this certification need to implement a series of controls and go through an audit with an external auditor. They also have to set their own standards so that they can say, "Yes, we are actually doing the things that we say we're doing!" when a third party comes in to audit them.

What makes SOC 2 so important?

SOC 2 is an industry-recognized certification that demonstrates our adherence to the highest standards of data security and privacy.  Flatfile's SOC 2 Type II compliance is a critical aspect of our commitment to maintaining high standards of security, availability, confidentiality, processing integrity and privacy.

The SOC 2 Type II audit is a rigorous process that assesses the effectiveness of systems over time, rather than just at a single point in time. This ongoing observation period ensures that we’re continuously improving our security measures and adapting to emerging threats. We carefully examine components like identity and access control, conduct penetration testing, and perform vendor reviews to assess our risk management processes.

We're not just looking at the security of the Flatfile Platform but also at any vendors we use that might have access to any of our systems. We review whether they have a SOC 2 report in place, whether they do penetration testing and generally, whether or not they do the same things we do to protect our customers.

At Flatfile, our compliance team includes dedicated subject matter experts from across the company. Every team at Flatfile owns security and compliance, and we don't have an isolated compliance team because data security starts with each of us.

This process isn't just about security for the Flatfile Platform. It's also about security for our HR controls, disaster recovery, backups and more. This comprehensive approach ensures that your data is protected at every stage, from collection to storage and processing, and in every aspect of our operations.