Jun 8, 2021 | 3 minute read

Top 5 Questions on SOC 2 Compliance

written by Deepraj Minhas

When it comes to selecting an eCommerce solution, it is important to base your evaluation on more than just functionality and pricing. You will want to confirm that your chosen commerce solution has high security standards in place to ensure that your systems and data are kept secure. Fail to do this, and you could end up with security compromises such as data breaches or system intrusions, hurting your company’s reputation and customer loyalty, and jeopardizing revenue.

Security assessments like the SOC 2 evaluation provide a comprehensive, centralized, third-party report to ensure you’re working with a vendor that has validated it follows the highest standards of security practices, policies, procedures, and operations. SOC 2 compliance reduces time spent on security evaluations and provides the confidence that your data is secure, so you can launch and drive revenue faster while keeping your business operating at 100%.

Familiarize yourself with SOC 2 with the top five questions we hear from prospects:

  1. What does SOC 2 Compliance mean?
    • SOC stands for System and Organization Controls and is based on the Trust Services Criteria. These criteria are focused on the ability to report on the design of controls (and/or the testing and operating effectiveness of those controls) for a service organization. The SOC 2 report addresses an organization’s controls pertaining to operations and compliance standards; security, integrity, availability, privacy, and confidentiality are all aspects of SOC 2.
  2. Why is it important to be SOC 2 compliant?
    • SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of organizations and the privacy of their clients. If your chosen commerce partner is SOC 2 compliant, it means you can trust that they will do everything possible to protect your data and systems.
  3. What is the benefit to the customer for a vendor to be SOC 2 Compliant?
    • SaaS vendors in particular need to be SOC 2 compliant in many instances, especially when they sell to the enterprise. Enterprises are often beholden to a wide variety of security and compliance controls, and being demonstrably SOC 2 examined as a vendor gives those enterprise customers the peace of mind they need to do business with Elastic Path.
  4. What security practices and procedures are assessed during a SOC 2 Compliance evaluation?
    • SOC 2 evaluates the operational policies, communications, procedures, and monitoring concerning four Trust Service Categories (TSC):
      • Security – Information and systems are protected against unauthorized access (both physical and logical), unauthorized disclosure, and damage
      • Availability – Information and systems are available for operation and use as committed
      • Processing integrity – System processing is complete, valid, accurate, timely, and authorized
      • Confidentiality – Confidential information is secured, and access is controlled
  5. What are the principles of SOC 2?
    • Elastic Path utilizes independent third-party auditors to test the Elastic Path Commerce Cloud platform against the widely accepted security standards and controls of SOC 2. These examinations are conducted by a respected audit and security firm that is independent and thorough in its inspections. The SOC 2 examination report is intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process data. With Elastic Path successfully achieving the SOC 2 examination, we can ensure peace of mind for our customers.

Learn more about how you can build your eCommerce vision with confidence by visiting our Trust page.