Survale passed another successful SOC 2 Type 2 security audit. As happens each year, Survale undergoes an exhaustive third party audit to confirm that our security controls and procedures meet high SOC 2 standards for security. More importantly, auditors confirm that in practice, we have executed against those controls. In other words, Our clients trust us with their candidate and employee data and we use that data to show them how their talent facing experiences affect their recruiting performance.
Survale’s IT, development and security teams have developed a number of controls, processes and standards to safeguard our client’s data. These controls and processes were designed around SOC 2 standards which are based on ISO 2700 standards but go beyond ISO and include a variety of operational controls for processes and procedures that interface with data security, like hiring practices, onboarding procedures, etc. Operational areas that are critical to overall data security, but are not strictly technical.
A SOC 2 Type 2 audit lists each measure we take to control for risks within our system and entire operation and tests it. There are around 100 separate controls that cover what the AACPA has determined are sufficient controls to maintain data security and each is tested. If there is any failure to meet a standard during the previous year, it is listed as an exception. As has become a custom, no exceptions were noted in this year’s audit. But that doesn’t mean that there is no risk and that constant vigilance is required against hacking, poor execution of handling procedures, etc. That’s why we do this every year, with regular internal audits throughout the period.
We could tell you that your data is secure and that we take data security VERY seriously as a SaaS software provider (which we do), but more importantly, we show clients and prospective clients through regular external audits and contractual commitments.
For more information about the measures Survale takes to protect client data, click here.
