Why Percent Pledge achieved SOC 2 Type II
Protecting the security, privacy, data, and trust of our growing community of do-gooders couldn’t be more important to Percent Pledge. Our proprietary workplace giving platform serves as the “social-impact system-of-record” for businesses of all sizes – and their people – so we understand how important it is to protect the safety and security of their philanthropic identities.
To ensure the safety of your data, we make use of numerous best practices – from using the latest cloud infrastructure technologies to implementing security-focused personnel policies. Beyond best practices, though, we knew that it would be important for us to complete our SOC 2 Type II certification, proving to our customers that our stated security practices are in place, active, and practiced every day.
After more than six months of investment and hard work, today we are proud to announce that:
Percent Pledge is now fully SOC 2 Type II compliant.
During the second half of 2020, it became crystal clear that data privacy is of paramount importance to the:
- Rapidly expanding community of business customers who trust Percent Pledge to power their workplace giving programs.
- Continuing to delight customers extended beyond enabling them to easily make – and measure – a positive impact on the causes they care about most.
- Need to create a giving environment free of the data privacy concerns that have become so ubiquitous in these last years.
This clarity guided our decision to embark on the lengthy SOC 2 process earlier than most companies of our size.
What is SOC 2 Type II certification?
SOC 2 is a rigorous process designed to assess and confirm a company’s security, availability, and processing integrity for the systems they use to process user data. But what does that really mean?
Receiving SOC 2 Type II certification indicates that an organization has created detailed policies and procedures to ensure they manage your data securely and protect your privacy. Further, it means that they have undergone a formal observation window of at least three months for a Type II certification. During this time, independent auditors monitor the company’s security controls. After that time, they have gathered evidence and performed tests to confirm that the organization actively practices its stated security controls. And finally, because a commitment to security is continuously evolving, it means that the SOC 2 compliant company completes annual audits.
What SOC 2 means to Percent Pledge
Going through the SOC 2 auditing process, we were very pleased by how naturally our existing systems enabled compliance; when you don’t store or share confidential user data, data privacy is an obvious outcome! We didn’t have any exceptions noted during our audit period to our security standards, which our entire engineering team is very proud of.
We also understand that as impactful as our new SOC 2 Type II certification is, it is only a small part of our commitment to data protection. Protecting the security, privacy, data, and trust of our customers is not a program, it’s a practice; an active, ongoing practice that we will keep improving as we continue the rapid growth of our mission and work towards our long-term vision of every business in America having an engaging workplace giving program.
And lastly, to continue the practice of gratitude which is so foundational to Percent Pledge, we’d like to extend the following thanks to those that helped us reach this milestone: to Vanta, our third-party security partner who monitors and audits our infrastructure, systems, and processes continuously; to Johanson Group, our SOC 2 auditors who partnered with us closely throughout this entire process; and to our small but mighty internal team for implementing and following these enhanced security controls which ensure the continued trust, security, and privacy of our growing force for good!