Simon Parkinson-Bates   |   17 Jan 2024   |   3 min read

VendorPanel Announces SOC 2 Type II Certification


Security and compliance have always been top of mind at VendorPanel. We are committed to building solutions that safeguard your organisation’s data while helping you meet local and international regulatory obligations. Today, we are proud to announce that VendorPanel has achieved SOC 2 Type II certification.

What is SOC 2 Compliance?

SOC 2 is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). An independent auditor examines a service organisation’s controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) and issues a report. A Type I report covers the design of those controls at a point in time; a Type II report also tests that they operated effectively over a review period, typically several months. The report gives customers, regulators, business partners, and suppliers independent evidence of how the organisation protects the data it handles.

In our journey to get SOC 2 compliant we learned many valuable lessons that we’d like to share with you.

Achieving SOC 2 Certification is Not Easy

  • It's NOT just an engineering activity. It is a group effort involving nearly all facets of the business (Human Resources, Operations, Engineering & Platform).
  • Upfront investment in engineering automation pays huge dividends.
  • Wherever possible, close control gaps with automation, and use a compliance automation product such as Vanta to collect evidence continuously and track your compliance posture over time.
  • You need a champion (or champions) to keep the effort on track.

Already Being In The Cloud Paid Huge Dividends For Us

  • Being cloud first and using IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) meant we could deliver our infrastructure as IaC (Infrastructure as Code). We originally did this so that our DR (Disaster Recovery) workflow could meet our RTO (recovery time objective) and RPO (recovery point objective) mandates, but it had the added benefit that the same tooling could be used to demonstrate our SOC 2 controls. All we had to do was integrate!
  • Choose a compliance automation vendor that integrates deeply with your chosen Cloud Service Provider, so control evidence is pulled directly from the platform rather than assembled by hand.

Reflect & Share the Knowledge

  • SOC 2 compliance is a group effort. As with any growing business, SPS (Single Point Sensitivity), where knowledge or responsibility sits with one person, creates significant friction and slows the team down. SOC 2 compliance requires ongoing effort to maintain, and it shouldn't fall to a chosen few to meet those expectations.
  • Once you've achieved your certification, hold a retrospective and recognise BOTH what did and didn't go well. Learn from it, carry it forward, and adopt a mindset of continuous improvement.

Thanks to a company-wide effort here at VendorPanel, and with the help of our trusted partners at Johanson Group and Vanta, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which describes how our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. By partnering with Johanson Group, we can confidently say we go beyond the minimum requirements for SOC 2: our critical infrastructure is integrated with continuous monitoring against the SOC 2 framework throughout the year, not just during the audit window.

Keeping the platform and its information secure is fundamental to our business, and the foundation on which our customers’ trust is built. Completing our SOC 2 Report is one of many ways we plan to earn and retain that trust. SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and to undergoing a SOC 2 audit every year so that we keep supporting our customers’ needs.

If you have any questions, please do not hesitate to contact us.
