iCapture Achieved SOC 2 Type II | Why That Matters
Data security and compliance are not the most entertaining topics to discuss, but they are critical to many business industries. And when we think about the events industry, data security and compliance don't immediately come to mind, but it's a growing trend.
So why did iCapture get SOC 2 Type II compliance? Well we talked with our Chief Operating Officer, Sean Brown, to get some insights.
What is a SOC 2 Type II?
It's a certification affirming that you meet or exceed the trust service criteria for client data & privacy standards. A SOC2 Type II certification is affirming that you have these protections in place and that you have been observed to have them over an extended period of time. And can you prove to us that it's built into your infrastructure and working correctly?
We had a SOC 2 Type I; why get a Type II?
Our team knew we had the security standards & infrastructure to meet this Type II certification. It's just the time investment that was the difference. To get Type I certified, you can do that in less than a month. So we thought taking the extra time to prove to our customers that not only do we meet the specs and the criteria for the SOC 2, let's go ahead and prove that we do it over a more extended period with a more comprehensive audit, which is what a Type II is.
We're seeing more and more maturation in the security expectations for Software as a Service (SaaS) platforms to have higher standards, and this is across all companies. Everyone is maturing. And with that, we wanted to get in front of the curve for our customers and ensure that they know that we take these things seriously and that their data and information are protected.
Does this change anything for our current customers?
Overall, no, it will be business as usual for our clients, but they may notice a few changes that were a result of our newest certification.
They'll notice that our account lock-out time is reduced to provide more protection if their session is idle. Also, password protection measures will block you if attempt too many times incorrectly. So those are examples of very simple things that we improved to make sure that we're meeting best practice standards in security.
Is SOC 2 Type II standard in the events industry?
It's pretty rare. I mentioned this becoming a new requirement in the SaaS industry, but I have yet to see this reflected in the trade show and events industry. Badge providers and lead capture apps are not in the data security and compliance conversation. I have heard about more show organizers asking about these requirements because they have exhibitors in regulated industries; I bet this will become a wave of change in the next few years.
Whether you're an existing client of ours or looking for a new solution provider, this certification is a testament to how seriously we view our partnership with you and the level of standards we hold for our product and data security.