Zylo Announces SOC 2 Type II Compliance

Ryan Carroll

Back to Blog

Independent Audit Continues to Verify Zylo’s Internal Controls and Processes

After a rigorous evaluation and auditing process, Zylo is pleased to announce that we have received our SOC 2 Type II attestation from KirkpatrickPrice – with zero exceptions. SOC 2 Type II is the most comprehensive system and certification within the Systems and Organization Controls protocol.  Since our founding, Zylo has always placed an emphasis on top-level security, thus leading us to pursue this certification soon after our founding.

Zylo Advances to Type II

SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on an organization’s non-financial reporting controls as “they relate to security, availability, processing integrity, confidentiality, and privacy of a system.”

Eight months ago, we announced our completion of the SOC 2 Type I engagement. This process involved a comprehensive evaluation of every security practice, including our vendor management program. By utilizing Zylo internally, we were able to identify all cloud applications within our business and utilize this information to drive a complete tech audit for each application.

While proving a company has adequate policies and procedures in place, Type I is a snapshot in time, failing to provide proof of continuous adherence to these controls and processes. Because of this, Zylo immediately began pursuing our Type 2 certification after receiving Type 1 attestation. SOC 2 Type II evaluates a company’s policies and procedures over a specified time period in order to ensure continued compliance and reliability.

The Process of Proving Continuous Adherence

The certification process evaluated every aspect of our business — from accessing the building, employee’s devices, data management of the cloud, server network monitoring, to employee on-boarding and continuous training. The SOC 2 Type II approval process was truly a team effort, involving every employee in the company.

After a rigorous evaluation over the last six months, Zylo received its SOC 2 Type II attestation with zero exceptions, proving Zylo’s continued adherence to security.

Leading the SaaS Optimization Industry with Information Security

Security is of utmost importance at Zylo. SOC 2 applies to every SaaS company as it was specifically designed for service providers storing customer data in the cloud. This recent attestation proves our commitment to lead the industry in data and cloud security.  If you would like to learn more about Zylo’s stance on security or how Zylo can assist you on your way to security compliance in your organization, request a demo today.

 

Request a Demo

About the Author

Ryan Carroll

Ryan is the Co-founder and VP of Engineering at Zylo where he leads the development and strategy of Zylo's platform. Prior to Zylo, Ryan spent 15 years as a developer and manager at companies such as Salesforce, ExactTarget, and iGoDigital. Despite being a Purdue alum, Ryan is an avid Hoosier basketball fan. A runner, golfer, and proud dad of two young girls, Ryan came to Zylo to build another team from the ground-up.