Yes. Submittable meets SOC 2 Type 1 for the 2017 Trust Services Criteria regarding Common Criteria/Security standards.
What is SOC 2?
SOC 2 is an auditing procedure developed by the American Institute of CPAs (AICPA) and specifically designed for service providers who store customer data in the cloud. It is meant to ensure that service providers, like Submittable, adhere to well-defined policies, procedures, and practices to protect every organization’s data.
SOC 2 is a technical audit completed by a third-party auditor that reviews each organization’s processes and systems to ensure they meet AICPA’s general criteria and its security trust service principle.
What does SOC 2 mean for me?
Here are a few examples of security measures Submittable has in place:
Our developers have established a baseline for normal system activity to assist in identifying suspicious activity. This means Submittable is prepared for known attacks, like phishing schemes, but also for new, unknown threats.
Alerts and intrusion detection tools let our team know if unauthorized access does occur, so that response and corrective action can occur quickly.
Audit trails lead to the root cause of an attack quickly so we can make fast, informed decisions about how to respond.