Smartlook is now SOC 2-compliant

Joanna Kaminska (Smartlook Team)  |  Last updated: Sep 5, 2022
Learn about the SOC 2 security certificate. See our approach to privacy. Read what SOC 2 audit means for our clients and business partners.

The SOC 2 framework applies to Software as a Service (SaaS) companies that want to better safeguard the privacy and security of customer data. 

We’re happy to announce that Smartlook has received its SOC 2 Type II compliance certification. With the new certificate, we want to underline our efforts toward better privacy and security standards for our clients’ data.

What is SOC 2 compliance?

The American Institute of Certified Public Accountants (AICPA) established the Service Organization Control 2 (SOC 2) standard. 

The SOC 2 certificate is a voluntary compliance standard that assesses the procedures and control processes in an organization. It simply sets an international standard for collecting and exchanging information.

There are two types of SOC 2 audit reports:

  • Type I – describes the company’s systems and controls and the suitability of the design of those systems
  • Type II – checks the operating effectiveness of systems described in the Type I report

While the General Data Protection Regulation (GDPR) is a gold standard for privacy compliance, SOC 2 holds the gold standard crown for security compliance. It’s especially important for companies that process any type of personal data.

An external auditor awards the SOC 2 certification after verifying the company’s compliance with 1 or more of the 5 trust service principles:

  • Privacy
  • Security
  • Availability
  • Confidentiality
  • Processing integrity

Smartlook’s approach to privacy and security

From day 1, we at Smartlook have been fully aware of our responsibilities toward our customers, stakeholders, employees, and the communities we participate in. This is why we want to align our organization with the strictest set of standards available.

How we support our clients in privacy compliance

Our tool was designed according to “privacy by design” principles. It means Smartlook supports your and your end users’ privacy by:

  • Hiding sensitive data (wireframe mode, masking fields)
  • Enabling personal data collection after a proactive sign from the user
  • Anonymizing personal data or limiting its collection to the minimum by default

With those privacy safeguards in place, the tool supports GDPR, CCPA and LGPD compliance. It means you have full control over what type of data you track and collect. As a result, it’s easier for your business to stay in line with worldwide privacy regulations.

How we apply security measures to safeguard our clients’ data

We process our clients’ payments through a provider that is PCI Data Security Standard-compliant. It ensures that all transactions are protected.

In May 2021, Smartlook as a company became SOC 2 Type I-compliant. From December 2021, it’s also SOC 2 Type II-compliant. The external independent auditor examined Smartlook’s compliance with the AICPA guidelines in accordance with the ISAE 3000 standard.

We got certified in the 4 trust service principles, including:

  • Privacy
  • Security
  • Availability
  • Confidentiality

[Figure: SOC 2 trust service principles]

What does the SOC 2 certification mean for your business?

For us as a SaaS company, information security is of key importance. The SOC 2 audit ensures that we securely manage your data and protect your interests. This also applies to the privacy of your end users.

SOC 2 is another step in our journey towards full security compliance. The certification shows that companies of all sizes can trust our processes and controls around:

  • Data security and privacy (access controls, endpoint protection, infrastructure)
  • Software development (change management, vulnerability testing, disaster recovery plan (DRP))
  • Corporate governance (laws and regulations compliance, confidentiality, HR management)

“At Smartlook, we’re committed to providing a truly secure environment for our clients. The SOC 2 audit performed by an independent third party is 100% aligned with this objective. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements.”
Ondřej Machek
Chief technology officer at Smartlook

Our commitment to data security and further plans

Meeting SOC 2 compliance establishes a new quality for our customers, who have the assurance that their data is safe according to the latest industry standards. This standard applies to all companies, regardless of whether they are small, medium or large enterprises.

SOC 2 audits are our ongoing commitment to improving our privacy and security practices. That’s why we’ll renew the SOC 2 Type II certification every year, so you know that your data is safe with us.

Joanna Kaminska is a content marketing strategist at Smartlook. She is a seasoned writer interested in storytelling, SaaS and new technologies. Her goal is to create content that is easy to understand for all. After work, she enjoys hiking and nature photography.