Internal:
- SOC 2 Type 1 Report: https://www.notion.so/SOC-2-Type-1-Report-Sharing-with-Customers-dfe28d1fec7c4269996d11c906186293
- We implicitly comply with a 2FA requirement (if it is one). Example: a customer uses SSO, that has 2FA configured on the SSO provider side. (edited)
Answer:
Procurify is SOC 2 Type 2 compliant
What is SOC2?
The SOC 2 audit is one of the world's highest recognized standards of information security compliance.
It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls concerning information security. The SOC 2 Audited Report is the auditor’s opinion on how an organization’s security controls meet the SOC 2 criteria. To obtain our audited SOC 2 Report, a third-party auditor reviewed our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, security incident response, and other critical business areas.
Additional Information:
- Procurify is SOC 2 Type 2 compliant. To get access to the report, please reach out to your Procurify representative.