Agiloft achieves SOC 2 Type 2 Certification, confirming enterprise-ready data security

In today’s data-driven world, data security is the essential foundation for all business relationships. In keeping with our commitment to maintain the strictest security standards, Agiloft recently achieved SOC 2 Type 2 Certification from the Association of International Certified Professional Accountants (AICPA). This certification confirms that Agiloft’s policies, procedures, and practices are secure enough to handle the largest enterprises in the most regulated industries. After achieving SOC 2 Type 1 in August 2019, this latest certification verifies the effectiveness of Agiloft’s internal controls and safeguards.

"The SOC 2 Type 2 certification requires long-term, consistent internal practices that assures the security of confidential customer information," said Colin Earl, CEO of Agiloft. "Earning our SOC 2 Type 2 security certification reaffirms our commitment to ensuring customer data is fully protected."

Read the full press release here.

More than a security audit

This is no mere security audit. SOC 2 Type 2 compliance requires companies to manage customer data with very strict policies and procedures, including how an entire company maintains the security, availability, processing, integrity, and confidentiality of its customers’ data. Here are some ways companies actively maintain SOC 2 compliance:

Continuous security monitoring – This goes beyond recognizing malicious system activity because unknown threats can sometimes slip in under the radar. Companies must establish a baseline of normal system activity in order to detect ANY changes that could be a possible security threat.

Filtering the noise – With this hyper-vigilance toward data security, there are bound to be false alarms. Companies must be able to quickly and precisely identify real threats from an abundance of system alerts, including any instances of unauthorized data exposure or modifications, file transfers, or login access.

Full auditability – Security teams must track everything happening in the system and be able to look back in time at the complete picture of the system when the security issue took place. This is a much more manageable task with a platform that includes full auditability out of the box.

Fix issues and vulnerabilities immediately – In addition to constantly monitoring the system, security teams also must prove that they can respond in a timely manner as well as find the source of the security issue in order to prevent it from happening again.

Military-grade security

As a leading provider of SaaS business software for contract lifecycle management and more, Agiloft is proud to provide military-grade security for customers, maintaining strict security protocols throughout the platform, infrastructure, and organization. In addition to SOC 2 Type 2 compliance, our no-code platform was tested by a security team from the U.S. Air Force and approved for deployment on the Secure Network at the U.S. Department of Defense.

For more on Agiloft’s enterprise-ready security, please see our Security Policies page.