Our commitment to Data Security and Trust
At Rollstack, we understand the significance of data security for our customers and our company. Our platform enables world-class companies to automatically create and update presentations and documents using data sources like BI tools, CRMs, or data warehouses. As part of our ongoing commitment to security, we are proud to announce that we have recently obtained our SOC 2 Type I attestation report and are now working towards achieving Type II compliance.
What is SOC 2?
SOC stands for "System and Organization Controls" and is a framework governed by the American Institute of Certified Public Accountants (AICPA). SOC 2 outlines five Trust Services Criteria (TSC) that service organizations can choose to meet: Security, Availability, Processing Integrity, Confidentiality, and Privacy. All SOC 2 reports must cover Security, and organizations can opt to add additional criteria to their report based on their business requirements.
To prepare a SOC 2 report, a third-party CPA firm evaluates two main questions: Are the controls adequate and appropriately designed to address the selected TSCs? And are the controls actually operating effectively in the day-to-day practices of the service organization?
Under the SOC 2 framework, there are both Type I and Type II reports:
Type I SOC 2 report is a point-in-time report. A CPA firm evaluates the controls in place at a service organization and determines whether they're appropriately designed and implemented effectively at a single point in time.
Type II SOC 2 report covers a significant period of time (generally at least six months). A CPA firm evaluates the design and implementation of a service organization's controls and also assesses whether the controls were operating effectively over the entire audit period.
Rollstack's SOC 2 Type I compliance is a testament to our dedication to securing customer data and maintaining a reliable platform.
Our Journey to SOC 2 Compliance
At Rollstack, we pursued SOC 2 compliance for three main reasons. Firstly, we wanted to hold ourselves accountable to a rigorous framework to ensure the safety of our customers' data. Secondly, we sought a streamlined, standardized way to communicate our security practices to our customers. Thirdly, we wanted to partner with the market leader in security to ensure security is at the center of what we build.
We partnered with Vanta to help define our controls and ensure they were operating effectively, and Advantage Partners served as the CPA firm that performed our audit. We initially obtained our Type I report and are now actively working towards achieving Type II compliance, further strengthening our commitment to data security.
Rollstack's SOC 2 Type I compliance is a testament to our dedication to securing customer data and maintaining a reliable platform. As we continue to grow and evolve, we will remain committed to upholding the highest standards of security and compliance, providing our customers with the confidence they need in our platform. Our ongoing pursuit of Type II compliance will offer even greater assurance of our commitment to safeguarding customer data and maintaining the highest security standards.