You are currently viewing You need a data collection tool you can trust: SurveyCTO is SOC 2 Type 1 certified

Logo obtained from www.aicpa.org/soc4so 

Data security is more important now than ever

A data breach is the last thing you, your clients, or your survey participants should ever have to worry about. This is why we’re proud to announce that, after a rigorous certification process, SurveyCTO is now SOC2 Type 1 certified.

The certification attests to SurveyCTO’s security, availability, processing integrity, confidentiality, and privacy. 

SOC 2, or System and Organization Controls 2 certification, is an auditing process to assess the trustworthiness of services provided by a software service organization. The Type 2 certification observes operations for a specified period of time, while Type 1 evaluates security at a specific point in time. To become SOC 2 Type 1 certified, we worked with an independent auditing firm throughout 2020 who evaluated the systems we have in place based on five criteria set by the American Institute of CPAs (AICPA):

  1. Security – Our secure systems protect data. For example, fully customizable user permissions and siloed spaces for teams protect against unauthorized access. End-to-end encryption and data redundancy help you submit data securely.
  2. Availability – SurveyCTO is accessible, meaning our data collection tools are equipped to perform well and we have systems in place to handle security incidents appropriately.
  3. Processing integrity – You can trust SurveyCTO to process data accurately and in a timely manner. This doesn’t necessarily guarantee data integrity, as data may contain errors when entered into the system, but we have quality assurance procedures and features baked into the software to further increase reliability
  4. Confidentiality – Data that is confidential will be kept confidential. Access to confidential data is restricted to the people who need it and access is granted based on mutually agreed-upon terms.
  5. Privacy – We adhere to our privacy policy, which means:
    • We don’t ask you for personal information unless we need it.
    • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
    • We don’t store personal information on our servers unless required for the ongoing operation of one of our services.

The certification process resulted in an audit report that demonstrates our commitment to best practices within software security, the ability to securely manage your data, and internal compliance processes to ensure your interests, privacy, and data are protected.

Experience a survey tool with excellent security. Try a free 2-week trial of SurveyCTO.

It’s crucial not to have any weak links in your data collection processes

The SOC 2 Type 1 certification is a reliable way to know you can trust an organization to adhere to its data security standards, and our standards are high. Data security is the backbone of what we do. 

Here’s how SurveyCTO compares to other data collection service companies when it comes to data security certifications.

As a company, we’re SOC 2 Type 1 certified. Other tools, including the platforms below, may be hosted on SOC 2 certified platforms like Amazon Web Services (AWS). You can learn more about other survey platforms’ security standards by reading their security policies.

Data Collection PlatformCompany SOC 2 Certified?
SurveyCTO
Qualtrics
SurveyMonkey
Google Forms
CommCare
TypeformIn progress
iFormBuilderIn progress
FormstackX
KoboX
ODKX
ONAX
REDCapX

SurveyMonkey, Qualtrics, and Google Forms all host their data in SOC accredited data centers as part of their security standards. Formstack uses an external security hosting provider that is SOC certified, though Formstack is not SOC certified itself. Typeform and iFormBuilder are pursuing SOC certification, though they are not yet certified. 

Learn more about SOC 2 Type 1 certification and our commitment to data security

We’re making the full SOC 2 Type 1 audit report available to enterprise users of SurveyCTO. If you have or are interested in an enterprise subscription email us at sales@surveycto.com to inquire about accessing the report. 

Otherwise, if you have any questions about the certification, please reach out to us at info@surveycto.com

To learn more about our fundamental principles and how we adhere to them, read our Privacy Policy. It provides an overview of our commitment to privacy through our software and internal policies.

If you’re interested in a General Data Protection Regulation (GDPR)-compliant software setup, this article provides an overview. You can also write to us at info@surveycto.com or open a support ticket to speak to a team member about your specific needs.

To learn more about SOC 2 certifications in general, explore:

Try SOC 2 certified survey software with a free trial

Start a free trial