Zylo Announces SOC 2 Type I Compliance


Ryan Carroll

Independent Audit Verifies Zylo’s Internal Controls and Processes

We’re excited to announce that Zylo recently received our SOC 2 Type I attestation report from KirkpatrickPrice. The completion of this engagement provides evidence of our strong commitment to deliver high quality services to our clients by demonstrating we have the necessary internal controls and processes in place.

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. KirkpatrickPrice’s service auditor report verifies the suitability of the design and operating effectiveness of Zylo’s controls to meet the standards for these criteria.

Leading the SaaS Optimization Industry with Information Security

SOC 2 applies to nearly every SaaS company by definition, as it was specifically designed for service providers storing customer data in the cloud. This proof of compliance is a huge step forward in the emerging SaaS management space because it takes such rigor and business process maturity to complete. At Zylo, we believe it is a critical security requirement of providers within our industry because becoming SOC 2 compliant ensures that the proper information security practices are not only in place, but also in line with ever-changing cloud requirements. And if a SaaS platform is managing all of your SaaS, those are key components of a safe, secure, and protected vendor relationship.

Using Zylo as a SaaS System of Record to Drive SOC 2 Audit Process

The best part is, we used our own platform during the audit process to become SOC 2 Type I compliant. Because the Zylo platform identified every cloud subscription, we were better able to assess several aspects of the business, including our vendor management program. This data enabled us to “clean house” and cancel any subscription we don’t actively use (thereby cutting down on the number of providers that store any of our company information). It also helped us better assess any security gaps and ensure that our vendors have a security posture that is as rigorous as ours, if not more so.

Our team uses Zylo to identify all cloud apps used within our business, and it also gives users the space to add important details that are helpful to SOC 2 Audit procedures. A considerable aspect of SOC 2 includes identifying your entire list of technology and service providers as well as understanding who your critical services providers are, what each application your company uses does, and how you may end up relying on a vendor’s recovery and backup procedures in the case of a business disaster. Because of Zylo the platform, we were able to (nearly effortlessly) conduct a complete tech audit for every application we use at Zylo.

Data Security is More Important Now Than Ever Before

Security and governance are critically important in this “era of the cloud,” making it essential that you choose partners who are equipped to keep your valuable data protected and secure. If you’d like to learn more about Zylo’s stance on security or how Zylo can help aid you on your way to securing audit compliance in your organization, get in touch with our team today.

Request a Demo

SaaS Changed the Way Software is Purchased. Zylo is Changing the Way Software is Managed.

About the Author

Ryan Carroll