Ensuring SaaS Data Security with SOC 2 Reports

The cloud has reshaped the way even the largest companies manage the recruiting process. And as software-as-a-service (SaaS) becomes an increasingly accepted standard, the pressure is on businesses to ensure that vendors have security controls in place to protect the highly sensitive data these platforms store.

As a recruiter, each day you’re collecting personally identifiable information like names, addresses and social security numbers, as well as salaries, offer letters and comments on interviewees. If this information made its way into the wrong hands it could be damaging to your company, your candidates and your employees.

With ever-present threats to data security like hackers, data loss from natural disaster and human error, and unauthorized physical access to systems, businesses can’t gamble on a vendor’s claims of security alone.

So what’s an already resource-strapped recruiting team to do when you need to ensure your data is protected in the cloud? The simple and effective solution is to get a Service Organization Control (SOC) 2 report from any cloud vendor you’re considering.

Developed by the American Institute of Certified Public Accountants (AICPA), a SOC 2 report allows cloud vendors to provide businesses with assurance from an independent auditor that proper controls are in place to safeguard data from physical and digital threats.

SOC 2 is geared towards technology and cloud computing companies and covers controls that are relevant to data security, availability, processing integrity, confidentiality, and/or privacy. It uses the Trust Service Principles (TSP) framework from the AICPA for evaluating a service organization's internal controls against a set of common criteria found in the TSPs.

A clean SOC 2 report from a vendor—meaning no significant exceptions were found during the audit—tells a business “Your data is safe with us and you can trust the processes in place which secure it.”

We at Greenhouse are happy to report that we are SOC 2 compliant. No exceptions were found during our audit and your business can confidently trust that exceptional measures are being taken to secure your data.
