We are excited to share that our personality data platform is now SOC-2 Type II compliant!
The SOC-2 certification underscores our commitment to data security, privacy, and operational excellence. Data security and privacy have always been taken seriously at Crystal, but the SOC-2 certification serves as independent third-party validation. This blog post dives into the significance of SOC-2 compliance and what it means for you, our valued users.
Understanding SOC-2 Compliance
SOC-2, which stands for System and Organization Controls 2, is a compliance framework designed by the American Institute of Certified Public Accountants (AICPA). When a business embarks on complying with SOC-2, a rigorous auditing process is conducted to evaluate the organization's controls and policies with regard to security, availability, processing integrity, confidentiality, and privacy of user data. It's a globally recognized standard that provides independent validation of a company's commitment to data security.
Why SOC-2 Compliance Matters
Crystal’s security & compliance principles guide how we deliver our products and services and make sure our users can simply and securely access our data.
Secure Development
- All development projects at Crystal, including on-premises software products, support services, and our own Digital Identity Cloud offerings, follow secure development lifecycle principles.
- All development of new products, tools, and services undergoes a design review to ensure security requirements are incorporated.
- Software development is conducted in line with OWASP Top 10 recommendations for web application security.
Secure Testing
- Crystal deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.
- All new systems and services are scanned prior to being deployed.
- Penetration testing is performed both by internal security engineers and by external testing companies.
Cloud Security
- Crystal’s cloud infrastructure provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.
- The cloud infrastructure leverages the native physical and network security features of the cloud service (Amazon Web Services), and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.
- All customer cloud environments and data are isolated using Crystal’s patented isolation approach. Each customer environment is stored within a dedicated trust zone to prevent any accidental or malicious commingling.
- Data is also encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches. Our entire platform is also continuously monitored by dedicated, highly trained experts.
- We utilize unique encryption keys to ensure data is protected and isolated.
- Our clients’ data protection complies with SOC 2 standards for encrypting data in transit and at rest, ensuring data and sensitive information are protected at all times.
Compliance
By successfully completing AICPA’s SOC-2 Type II audit, Crystal is committed to providing secure software and services across the globe. Our external certification proves Crystal’s dedication to protecting our customers by regularly assessing and validating the protections and effective security practices in place.
What Does This Mean for You?
With Crystal now SOC-2 compliant, you can be even more confident in the security and reliability of our services. Your data is in good hands, and you can trust us to provide you with a secure and efficient platform to support your business needs. This achievement underscores our dedication to putting security, privacy, and operational best practices at the forefront of our business.
What's Next?
Our journey doesn't stop here. We will continue to invest in security, privacy, and operational excellence to ensure that we meet and exceed industry standards. We understand that the digital landscape is ever-evolving, and we are committed to staying at the forefront of security and compliance to protect your interests.
We thank you for your continued trust and support, and we look forward to providing you with secure and compliant personality data for every business professional. For more information, you can read through our trust report, where we provide up-to-date monitoring on our infrastructure, product security, organizational security, and more.