What is SOC 2?

SOC 2 was developed by the American Institute of CPAs (AICPA) and defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy. It’s the gold standard for determining security compliance for SaaS applications that handle customer data.

Why Spendflo sought SOC 2 compliance?

Spendflo helps hypergrowth businesses buy and manage their SaaS data. Since our SaaS platform connects and processes essential customer data, it is deeply important to us that we adhere to the highest standards of security and privacy across our products, services, and internal policies.

What are the requirements for SOC 2 compliance?

To pass SOC 2 Type 2 certification, Spendflo implemented security policies and practices that all employees follow. We demonstrated that our internal systems and infrastructure were secured correctly and monitored against internal and external threats. We were audited by an independent auditor that submitted a report detailing their review of our security policies and practices. If you’d like a copy of the report, let us know.

What Spendflo’s SOC 2 compliance certification means for you?

By undergoing SOC 2 compliance, any customer or partner that works with Spendflo can rest easy knowing, we take security and privacy seriously. We follow the same general policies, guidelines, and best practices that other established SOC 2-compliant companies have.

Where are we going from here?

We intend to renew our certification annually with an independent audit - your security and privacy are our top priority.