
Guidde is SOC 2 Type 2 Compliant

Independent audit confirms Guidde’s commitment to securing and protecting the data it holds meets internationally recognized

Belmont, California, October 20, 2021 - Guidde, the world-leading solution for organizational Knowledge-On-Demand, announced today that it has successfully completed its information security and privacy audit and is now SOC 2 Type 2 compliant.

Why does SOC 2 matter?

SOC 2 was developed and is maintained by the American Institute of CPAs (AICPA). It is the widely accepted standard for assessing the security posture of SaaS applications that handle customer data. Guidde deals with organizational knowledge, which by definition captures a business's IP and intrinsic value. If we compare businesses to living organisms, the way knowledge is created and shared across an organization is as crucial to its existence as a body's bloodstream. Hence, the information and data within our customers' organizational knowledge is highly sensitive and needs to be treated accordingly across all of the Trust Services Criteria (formerly called "trust service principles") defined by SOC 2: security, availability, processing integrity, confidentiality, and privacy.

What are the requirements for SOC 2 compliance?

To obtain a SOC 2 Type 2 report, Guidde had to put in place security policies and practices that all Guidde employees follow. Unlike a Type 1 report, which describes controls at a single point in time, a Type 2 report covers an observation period during which the auditor tests that the controls actually operated as designed. We also had to demonstrate that our product, as well as our internal systems and infrastructure, were properly secured and monitored against internal and external threats. Lastly, we make sure that all employees receive security training and that new employees undergo background checks. You can learn more about our commitment to keeping our customers' information safe on our website.

Does SOC 2 compliance expire?

A SOC 2 Type 2 report is not valid for a lifetime. It covers a defined audit period and rightfully needs to be renewed every year, to ensure companies are not cutting themselves any slack on the security front. At Guidde, we intend to renew our report annually, but we are also continuously monitored to ensure ongoing compliance through our partner Vanta, so our customers and partners can be confident that we hold security and privacy as a top priority.

Key Learnings - Security is a process, lay the foundations right off the bat

If you're an early-stage B2B startup aiming to sell to Enterprises, the question is not whether you're going to need a SOC 2 report, it's when. And the answer is quite easy to guess: whenever you land that first Enterprise prospect, which is also when you're probably going to be extremely busy with other tasks. So the best advice when it comes to SOC 2 is to start the audit process very early in your company's life.

Also, because once you get SOC 2 compliant it's only a matter of 12 months before you need to start the audit process all over again (which in startup life equates to 12 years, granted...!), it's a good idea to be monitored on an ongoing basis, so you and your customers are always on the compliant side of startup business life.

A copy of Guidde’s SOC 2 Type 2 report is available for customers upon request.

Dan Sahar

CEO and Co-founder