Logo obtained from www.aicpa.org/soc4so
Data security is more important now than ever
A data breach is the last thing you, your clients, or your survey participants should ever have to worry about. This is why we’re proud to announce that, after a rigorous certification process, SurveyCTO is now SOC2 Type 1 certified.
The certification attests to SurveyCTO’s security, availability, processing integrity, confidentiality, and privacy.
SOC 2, or System and Organization Controls 2 certification, is an auditing process to assess the trustworthiness of services provided by a software service organization. The Type 2 certification observes operations for a specified period of time, while Type 1 evaluates security at a specific point in time. To become SOC 2 Type 1 certified, we worked with an independent auditing firm throughout 2020 who evaluated the systems we have in place based on five criteria set by the American Institute of CPAs (AICPA):
- Security – Our secure systems protect data. For example, fully customizable user permissions and siloed spaces for teams protect against unauthorized access. End-to-end encryption and data redundancy help you submit data securely.
- Availability – SurveyCTO is accessible, meaning our data collection tools are equipped to perform well and we have systems in place to handle security incidents appropriately.
- Processing integrity – You can trust SurveyCTO to process data accurately and in a timely manner. This doesn’t necessarily guarantee data integrity, as data may contain errors when entered into the system, but we have quality assurance procedures and features baked into the software to further increase reliability
- Confidentiality – Data that is confidential will be kept confidential. Access to confidential data is restricted to the people who need it and access is granted based on mutually agreed-upon terms.
- We don’t ask you for personal information unless we need it.
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal information on our servers unless required for the ongoing operation of one of our services.
The certification process resulted in an audit report that demonstrates our commitment to best practices within software security, the ability to securely manage your data, and internal compliance processes to ensure your interests, privacy, and data are protected.
Experience a survey tool with excellent security. Try a free 2-week trial of SurveyCTO.
It’s crucial not to have any weak links in your data collection processes
The SOC 2 Type 1 certification is a reliable way to know you can trust an organization to adhere to its data security standards, and our standards are high. Data security is the backbone of what we do.
Here’s how SurveyCTO compares to other data collection service companies when it comes to data security certifications.
As a company, we’re SOC 2 Type 1 certified. Other tools, including the platforms below, may be hosted on SOC 2 certified platforms like Amazon Web Services (AWS). You can learn more about other survey platforms’ security standards by reading their security policies.
|Data Collection Platform||Company SOC 2 Certified?|
SurveyMonkey, Qualtrics, and Google Forms all host their data in SOC accredited data centers as part of their security standards. Formstack uses an external security hosting provider that is SOC certified, though Formstack is not SOC certified itself. Typeform and iFormBuilder are pursuing SOC certification, though they are not yet certified.
Learn more about SOC 2 Type 1 certification and our commitment to data security
We’re making the full SOC 2 Type 1 audit report available to enterprise users of SurveyCTO. If you have or are interested in an enterprise subscription email us at firstname.lastname@example.org to inquire about accessing the report.
Otherwise, if you have any questions about the certification, please reach out to us at email@example.com.
If you’re interested in a General Data Protection Regulation (GDPR)-compliant software setup, this article provides an overview. You can also write to us at firstname.lastname@example.org or open a support ticket to speak to a team member about your specific needs.
To learn more about SOC 2 certifications in general, explore:
- This article on the importance of SOC 2 compliance for security-minded businesses
- The AIPCA website, including this resource on SOC for service organizations
Try SOC 2 certified survey software with a free trial