With a dramatic increase in cyber-attacks and data breaches, it’s more important than ever for us to have confidence in our business relationships. This is especially true of the relationship between buyers and vendors. Having recently announced the successful completion of our SOC 2 Type 2 audit, we wanted to take a moment to explain what that means to InFlight’s customers, partners, and community.

 

What is SOC 2?

Developed by the American Institute of Certified Public Accountants (AICPA), SOC stands for System and Organization Controls. According to AICPA, SOC 2 focuses on “controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.” Translation? SOC 2 certification works to confirm whether the information systems and controls that a service organization employs meet security standards for processing data and other user information.

There are two types of SOC 2 reports. Type 1 examines management’s description of the organization’s system of controls and the suitability of the design of those controls. Type 2 confirms the operational effectiveness of those systems and controls over a disclosed period of time. In layman’s terms, it confirms that we’re actually “walking the walk” when it comes to security.

The SOC 2 process is voluntary, with an independent third party completing a report. External verification is key because it speaks directly to the service organization’s information security program and its willingness to be audited, and it offers independent validation of the organization’s adherence to SOC 2.

 

Our commitment to you

Information security is one of InFlight’s top priorities, and it’s why our information security program passes muster for leading Fortune 500 enterprise organizations. We know that you want to work with vendors able to protect your data in line with the industry gold standard for security policies and controls. That’s why InFlight took the initiative to have a third party assess and verify our longstanding security practices. Having completed our SOC 2 Type 1 and SOC 2 Type 2 certifications, there’s no need for a lengthy review on your end – we (and our independent auditor) have done that for you.

Having SOC 2 Type 1 means InFlight went through a thorough review of its policies, workflows, and procedures to assess the implementation and operation of security controls applicable to all data within the organization’s custody, including our customers’ data.

Achieving our SOC 2 Type 2 was an important milestone for us because it further validated that the controls we have in place are being followed over a period of time. That ensures that not only do we have the right policies, workflows, and procedures in place, but we’re also adhering to these controls. SOC 2 Type 2 represents InFlight’s ongoing commitment to information security. In addition, it demonstrates transparency into our policies and practices as a vendor.

 

Why you should insist on SOC 2-certified vendors

The most important thing to note here is that SOC 2 is voluntary, and not every vendor is compliant. SOC 2 compliance and certification are difficult to achieve because security is about more than technology – it’s about well-designed policies and controls supported by processes and practices that cover the entire organization. Without a comprehensive approach, vendors may overlook critical elements of information security, such as:

  • Risk management
  • Onboarding, offboarding, and employee training
  • Third-party vendor management
  • Business availability and disaster recovery
  • Continuous monitoring and incident response

With our SOC 2 reports, there are no unknowns for you regarding our information security, privacy, and data handling. That helps make infosec reviews and sign-off an easy part of the vendor onboarding experience while offering everyone involved assurance and peace of mind.

At InFlight, our Information Security team consists of key stakeholders from across our organization. With security ingrained in our business, we have the expertise to enhance the security of existing application stacks, and we always do the right thing when it comes to information security. That’s why InFlight proactively took steps to attain our SOC 2 Type 2 certification – you’re only as strong as your weakest link, and the circle of trust extends to everyone – from buyers and vendors to partners and our community at large.

To learn more about our commitment to information security, visit our security page.