Announcing Formsort’s SOC 2 Type II certification

Fil Zembowicz
CEO & Head of Product
September 06, 2022

Today, we’re excited to announce that Formsort is SOC 2 Type II compliant. Our platform, technology, processes, and procedures have been assessed by Prescient Assurance – an external, independent auditor – and we have met the highest standards.

What is SOC 2 compliance?

SOC 2 is a process a company undergoes to assure its customers that their data is securely managed to protect their interests as well as the privacy of their users. SOC 2 defines five trust service principles for managing customer data: security, availability, processing integrity, confidentiality, and privacy.

External auditors like Prescient Assurance determine whether a vendor complies with one or more of the five trust principles based on the systems and processes in place, and issue a certificate of compliance. In addition to Prescient, we leveraged Secureframe to automate our SOC 2 certification process.

How is SOC 2 Type II compliance different from SOC 2 Type I compliance?

A SOC 2 Type I certificate demonstrates the effectiveness of controls in an organization at a specific point in time. The SOC 2 Type I report describes the controls provided by the management of the organization and attests to their suitability. 

In contrast to a one-time check, SOC 2 Type II monitors the controls over time and also checks their operating effectiveness. As a result, the SOC 2 Type II evaluation process is more rigorous and reliable. Many companies prefer Type II certification when evaluating a vendor’s security posture.

Why is SOC 2 Type II certification important for a company like Formsort?

Many of our customers operate in highly regulated industries like healthcare and financial services, and trust us to keep their form data secure.

A SOC 2 Type II certification assures our customers that Formsort maintains a high level of information security. Testing these requirements (via penetration tests and other audit tests) can ensure that sensitive information is handled well over time, rather than just once. It gives our customers even greater peace of mind.

What other security standards does Formsort adhere to?

Formsort is also HIPAA compliant. This means that we follow a set of regulatory guidelines that outline how Protected Health Information (PHI) can be used and disclosed in a lawful manner.

Want to learn more?

If you’d like a copy of Formsort’s SOC 2 Type II report, talk to our team.