Keep your and your customers' data secure
Ensuring data security with our 3rd party SOC 2 audit
SOC 2 compliance (Service Organization Control 2) is a voluntary compliance standard developed by the American Institute of CPAs (AICPA) that ensures an organization has established security processes and practices at each level of the company. SOC 2 compliance is evaluated by security, availability, and confidentiality.
The compliance is separated into two types of SOC 2 reports:
Because SOC 2 is a voluntary security standard, companies that go the extra mile to achieve compliance do so to continue building trust with their customers and prospects.
As a SaaS organization handling customer data in the form of calls, texts, forms, and chat, it’s vital to provide assurance that your and your customers' data is managed and stored securely. That’s why we not only perform our own internal audits to evaluate our current risk management processes, but also bring in a 3rd party auditor to deliver a detailed SOC 2 report covering any potential oversights and vulnerabilities.
As part of the SOC 2 Type II report, CallRail was evaluated against the following three categories of SOC 2 requirements:
Over a period of greater than 6 months, our 3rd party auditors reported no findings or issues in their SOC 2 Type II report.
Internal Security Measures
Keeping your and your business's data safe and secure is up to every employee at every level of the organization. To ensure privacy and security, CallRail engaged an independent CPA to examine and report on its controls under the standard the AICPA has established, System and Organization Control (SOC) 2 Type II. The independent CPA examined and reported on controls at CallRail relevant to Security, Availability, and Confidentiality. A copy of CallRail’s SOC 2 Type II report can be requested by contacting the legal team at email@example.com.
All data encrypted “in transit” and “at rest”
All access to CallRail is encrypted via SSL to protect data from interception at network points between the user and CallRail. All call records, web visitor sessions, and call routing data are fully encrypted when stored on disk. This data is seamlessly decrypted as needed for reporting purposes when accessed by the customer. These precautions protect the data even if hard drives fail or are decommissioned or stolen.
Individual users are granted their own login credentials, which can be controlled by an administrator. Login sessions automatically expire after a brief period of inactivity to prevent unauthorized access.