We’re thrilled to share that Cadana is now compliant with the SOC 2 Type 2 and ISO /IEC 27001:2013 standard for security, availability, processing integrity and confidentiality!
Data security is a fundamental element of our commitment to protecting sensitive user information and privacy.
We take security seriously at Cadana. As a trusted payroll platform provider, we continuously aim to not just meet but also exceed industry standards and customer expectations for security controls. That’s why organisations of all sizes rely on our payroll platform and systems for sensitive transactions.
What is SOC 2 Type 2 Certification?
The American Institute of CPAs (AICPA) established SOC 2 to ensure that service providers securely maintain user data. SOC 2 Type 2 report is an internal controls report reflecting how our organisation safeguards customer data globally and how well those controls are performing, we are committed to security.
An independent auditor, Barr Advisory conducted an audit of our servers and systems, including AWS, organisational processes, verifying that our information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards. Additionally, this audit confirmed that our platform is protected against unauthorised access.
What are the Elements of a SOC 2 Type 2 Report?
SOC 2 is used by companies that use cloud service providers, to examine and report on the risks associated with third-party technological services. The operational effectiveness of the systems is detailed in the Type 2 report. This contains a history component that demonstrates how a company's controls were managed over time. It also considers how well our internal controls and systems perform over time. These are some of the controls covered in our SOC 2 Type 2:
- Access Controls
- Data Security Controls
- Application Development Controls
- System Monitoring Controls
The ISO/IEC 27001:2013 Certification
We also got ISO certified!
Every organisation seeking to build trust and enable enterprise businesses to come onboard must undergo the ISO/IEC 27001:2013 certification. This specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organisation. In this case, ISO helps Cadana tailor its information security needs and lays down standards to follow in assessing and treating information security risks.
What this means is that Cadana’s processes are of global standards and therefore give no room for security breaches.
What Does ISO/IEC 27001:2013 Mean for Cadana Customers?
Companies that have high-level quality processes tend to build quality products. To be certified for ISO/IEC 27001:2013 means that you have been audited by an independent third party and that you have demonstrated that your business conforms to the requirements of the latest quality process standards set by the International Standards Organization.
At Cadana, we have solutions that cater to businesses, people managers, and employees. We design our processes to ensure that we cover all grounds in serving our customer base. It is a commitment to our security and data management processes. With our ISO Certification, businesses can trust us with their employee database, knowing that they're safe and would be kept safe.
How to Obtain Your SOC 2 Type 2 and ISO/IEC 27001:2013 Certification
When done right, SOC 2 and ISO can be extremely valuable for establishing best practices and communicating your commitment to security to customers, but it can also be intimidating to get started.
We learned a lot going through the process for the first time and wanted to share our findings in case they’re valuable to others preparing for their first SOC 2 and ISO process.
Vanta helps automate some of the SOC 2 and ISO processes; their integrations and monitoring make it simple to keep track of things and guarantee that you're following your standards. While they handle a lot of the heavy lifting, you'll still need to determine whether or not certain items are relevant to your systems and the audit's specific requirements.
Making sure you and the auditors are on the same page is crucial, and establishing a good working relationship with them early on will make the audit process go much more smoothly. Early on, ask your auditor a lot of questions to make sure you're not only doing the right things but also recording them properly.
What’s next for Compliance, Security and Data Protection at Cadana?
Our effort to continuously and critically assess how we acquire, manage and secure consumer data is part of our ongoing commitment to data security, availability, and confidentiality. We intend to continue to get periodic SOC 2 Type 2 reports and ISO/IEC 27001:2013 as well as further compliance certifications, such as the PCI DSS as part of this process.
If you want a payroll technology company you can trust, book a demo with us here.