Data security is one of the most important concerns for both us and our customers. That’s why we are thrilled to announce that RevOps is now SOC-2 Type 1 compliant.
Being SOC-2 compliant means that we as an organization are following recognized standards and controls in securing our customers’ data.
What Does SOC-2 Type I Compliance Mean?
For B2B companies, data security has never been more important. With the proliferation of data breaches and hacks, companies must know that their software or service providers are fully compliant with all the best practices for security.
There are two types of SOC-2 certification:
Type I: This certification ensures that a vendor’s systems are designed with appropriate controls to meet SOC-2’s strict security requirements. It is a certification that, at the time of the audit, the vendor was in compliance with all the necessary structures for data security and availability.
Type II: This certifies that the vendor’s security systems and processes are effective over time.
As part of the compliance process, RevOps has undergone an extensive external audit which has verified that we have all these processes in place.
Security Trust Principle
Being SOC-2 certified means that the data handled and managed by RevOps is classified in accordance with the highest standards.
As a company in compliance with the SOC-2 Security Trust Principle, RevOps has been certified in the protection of resources against unauthorized access, as well as access controls and policies to keep data secure.
What Does SOC-2 Mean For RevOps Users?
As part of our audit, we have now been certified as having implemented a variety of procedures, technologies, and processes in order to keep your data secure.
Here are a few highlights:
Whistleblower Submission Form
RevOps has now implemented an anonymous submission form that is available directly on our website that enables employees and others to report suspected fraud or other improper activity.
Business Continuity and Disaster Recovery Plan
In order to maintain the continuity of our platform in the event of unforeseen circumstances, RevOps maintains a portion of our critical information systems across multiple servers. If, for whatever reason, we experience downtime on our main servers, our system will seamlessly move to our backups without disruption.
Data Encryption & Access Controls
The SOC-2 audit has established that all sensitive data processed through the RevOps system is encrypted and secure against third-party threats. By leveraging VGS, RevOps tokenizes financial data so that it never crosses our system. With access control mechanisms in place, as well as industry-standard firewalls and intrusion detection systems, our server and network systems are secure.
Change Management Policy
Any changes made to the RevOps system are done through a rigorous process that ensures control and monitoring of both our application and infrastructure. Standard changes are documented and require a multi-step approval process.
Application Security & Automated Data Backup
A full battery of tests was initiated for all known vulnerabilities using both automated and manual tools. This included manual penetration testing techniques meant to determine if any vulnerabilities exist.
Prior to the release of any new code, a thorough review process takes place in which all code is reviewed and all hardware is scanned for vulnerabilities. In addition, routine automated data backups are in place, ensuring that any failures are identified and logged.
In the unlikely event of a major incident, RevOps has a robust recovery plan in place. Our cloud-hosted infrastructure ensures that any physical disaster occurring at RevOps will not impact our systems. In addition, the providers hosting our systems have their own procedures in place to maintain the continuity of our systems.
Your Data is Our Number One Concern
From the inception of RevOps, the security of our users’ data has been our biggest priority. Our SOC-2 certification is just one aspect of our commitment to data security and we will continue to invest considerable resources to ensure the highest level of safety for our users and our system.