What is SOC 2 Type II compliance?
SOC 2 Type II compliance is a security standard that ensures companies’ data systems and processes are secure, reliable, and confidential.
It involves evaluating the systems, procedures, and policies of a company to ensure they meet certain security criteria, such as protecting customer data from unauthorized access or malicious attacks. Companies must be able to show that they have processes in place to protect their customers’ data and information privacy.
In order to become SOC 2 Type II compliant, a company must undertake a rigorous audit process that involves implementing and demonstrating adherence to numerous technical, physical, and administrative security controls as specified by the American Institute of Certified Public Accountants (AICPA).
These controls cover a range of areas such as organizational structure and standards for governance, system operations, access control, availability, processing integrity, data confidentiality, and privacy.
During the audit process, organizations must provide evidence that they are in compliance with all relevant regulations governing their operations while at the same time maintaining an appropriate level of internal controls over their systems.
Organizations also must provide evidence of consistent review and evaluation of their existing IT systems against any potential threats.
Why compliance is important for our customers
SOC 2 Type II compliance is important for three main reasons.
- First and foremost, you can rest assured knowing that your data is protected by strong cybersecurity measures. We are taking the appropriate steps to secure your data and maintain its confidentiality, integrity, and availability. Your sensitive information is securely stored and managed in accordance with the highest industry standards.
This includes frequent audits of our systems to verify that all security measures are followed properly and to protect against any potential vulnerabilities. We ensure your data remains safe even when dealing with external threats or unauthorized access attempts.
- It speeds up and streamlines any security checks your company might require. We’ve been independently audited to provide assurance that all necessary measures are being taken to protect customer information. Our audit report is available by request – just drop us a note at security@teamohana.com.
- It’s good for your brand as you continue to grow, seek additional investment, and work with your own customers. Working with compliant vendors makes these external processes just a little bit easier.
How TeamOhana protects your sensitive data
Data encryption at rest
We ensure that customer data is always encrypted while in transit and at rest.
Security governance
TeamOhana is hosted in the US West region of Amazon AWS. We’ve implemented security best practice requirements, including both physical and infrastructure security.
Single Sign-On (SSO) & Multi-Factor Authentication
We support SSO with all the standard Identity Providers through the SAMLv2 protocol. We have also enforced the use of Multi-factor Authentication (MFA) across the board for all internal tools and services.
Robust access control
TeamOhana provides fine-grained permissions and access control that let customers configure what users can do, see, or modify. You can keep track of changes with the Audit trail feature.
Disaster recovery
Database disaster recovery is the process of restoring a database to a previous state in the event of a disaster, such as a hardware failure, natural disaster, or cyber attack. It's important for enterprises to have a disaster recovery plan in place to ensure that their critical data is protected and can be quickly restored in the event of an incident, minimizing downtime and data loss.
TeamOhana has a robust database backup and restoration process in place which is tested at regular intervals.
To learn more about how we’re protecting sensitive data or get a copy of our report, contact us.
About TeamOhana
TeamOhana is a headcount management platform built for fast-changing businesses.
We empower companies to plan and manage headcount more efficiently and in real-time. By integrating with HRIS, ATS, and compensation data, we unify people, processes, and data in a collaborative platform so companies can achieve their business goals faster.
It’s the single source of truth for Finance, HR, Talent, and hiring managers to connect, refine, and grow responsibly.