- Ju-kay Kwek
Why both SOC-1 and SOC-2 matter for data-driven companies
Switchboard recently received SOC-2 compliance certification, in addition to SOC-1 compliance in 2020. For many enterprise software products, SOC-2 is de rigueur. SOC-1 less so. So why did we get both, and why did we get SOC-1 first?
In essence, customers needing to manage highly sensitive data required it. To borrow a definition from our auditors, SOC-1 is about customer controls and visibility into how their data is managed. SOC-2 is focused on a service organization's controls that are relevant to their operations and compliance, e.g. security, confidentiality, information privacy, processing integrity, and availability.
At Switchboard, we live and breathe data. On a daily basis, we process terabytes of customer data for some of the world’s leading media and retail enterprises, to provide teams with a single source of truth that enables them to make confident decisions about the business. In a word, Switchboard was built with SOC-2 in mind from day one.
SOC-1 is less common, and quite different. It focuses on an enterprise’s internal controls over financial reporting, data integrity, and accuracy. Public companies need SOC-1 compliant solutions to enable their CFOs to certify their quarterly financial statements, and for their Chief Compliance Officer to be satisfied that customer data is secure and compliant with CCPA, GDPR, and a growing number of privacy regulations. And that’s why we became SOC-1 compliant first. Our largest enterprise customers increasingly needed to rely upon the data Switchboard manages for revenue and related financial reporting.
The combination of SOC-1 and SOC-2 speaks more deeply about how seriously we take our role providing our customers with a single source of truth to confidently drive their business forward. They reinforce what we built into our platform from the outset, and the certifications recognize the hard work of our team integrating our vision into an essential element of our customer’s daily business operations.
Be Data Strong.