Key takeaways from our journey to SOC 2 compliance

Darma Muthiayen
VP of Engineering
February 8, 2021

Security is #1

At Findem, the protection of our customers’ data is our highest priority. We want our customers to know that their data is safe and secure with Findem. We pride ourselves on having the most robust security safeguards and being responsive to our customers’ special security requirements.

What SOC 2 compliance means for Findem

Findem is pleased to share that we’ve attained SOC 2 compliance, which means that the company has put in place a security control environment that has been audited by a third-party evaluator certified by the American Institute of CPAs (AICPA). This audit engages the Trust Services Criteria, published by the AICPA, to evaluate the effectiveness of a service organization’s controls.

Security is a keystone in Findem’s approach to achieving enterprise readiness. Being SOC 2 compliant demonstrates our success in putting in place the controls required for a robust and secure platform. Following our completion of our SOC 2 Type 1 audit, we will be moving forward with securing our SOC 2 Type 2 certification to ensure regular monitoring of our systems and controls, and to maintain compliance with industry standards.

How we tackled SOC 2

Findem launched its SOC 2 certification process with one team member dedicated to overseeing the implementation of controls, policies, and processes. The team lead was tasked with coming up with a plan to include all the components we would need to address, and was able to pull in other team members for specific tasks and to ensure that key milestones were met on time.

Our SOC 2 partnership strategy

We decided to work with a partner that would provide tools to automate a substantial number of the tasks and controls we would be implementing. By reducing the number of manual tasks, we sought to ensure reliability in the implementation of our control environment, and to support timely completion of our audit.

Our audit timeline brought our company through a process of first documenting our internal policies, procedures, and controls, and creating an inventory of our assets. We then adopted new tools to implement multi-factor authentication and single sign-on. We onboarded our current employees, and assessed our vendors’ compliance with security standards. We conducted risk assessments on various aspects of our systems and controls, and finished by producing a comprehensive documentation of our systems and processes overall.

Our key SOC 2 takeaways

At the top of our list of takeaways for other companies getting started with SOC 2: it’s important to have a plan. Know that everyone in the company will be involved in some way; all of your company’s assets, policies, and processes will be reviewed, inspected, updated, and verified in the course of the certification process.

Last but not least, open lines of communication are key: it’s important to be in conversation with both your control automation vendor and your auditor, and to plan for regular syncs to make sure everyone is on the same page.

Findem + SOC 2: Where we’re headed from here

With our SOC 2 in hand, Findem is poised to accelerate the vendor security and legal review process for our enterprise customers. Findem’s SOC 2 will support the company as we scale in rapid growth mode, ensuring rigor and discipline in our processes as we grow. With our SOC 2 Type 1 squared away, we’re looking ahead and will be getting our SOC 2 Type 2 to ensure regular monitoring of our controls as well.
