Hum Capital Hum takes privacy and data security very seriously and now has SOC 2 certification, an industry standard third-party verification on our data privacy measures.
What is SOC 2?
Data security continues to be a pressing concern for companies worldwide. To help combat this, in 2017, the Association of International Certified Professional Accountants (AICPA) introduced the term system and organization controls (SOC) to define criteria for managing customer data based on five “trust service principles”:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
SOC 2 is an auditing procedure designed to ensure that third-party service providers or simply, service organizations, can securely manage data to protect the interests and privacy of its clients. For many businesses, compliance to this auditing procedure is a prerequisite in looking for a service provider because it helps them feel confident about how their data is used and stored. If a service provider, such as a bank or Hum Capital, does not adhere to these auditing standards for the data that it collects, many businesses will choose to not work with the service provider due to a lack of confidence in how their data is being handled by the service provider. One reason for this is that the framework states that compliant organizations can only share data with other organizations that have also passed the SOC 2 audit.
Are there different SOC 2 types?
Yes, there are two types of SOC 2 certification - type 1 and type 2. Both types tackle the reporting controls and processes related to the five trust principles of data: security, availability, processing integrity, confidentiality and privacy.
However there are some differences between SOC 2 types 1 and 2. In a type 1 audit, the report covers the design effectiveness of internal controls as of a specific point in time, like April 4, for example.
A SOC 2 type 2 audit report covers a longer period of time. This can range from six to 12 months although the most common period is 12 months. It tackles the design of internal controls and its operating effectiveness over time to achieve a set of objectives.
What level of SOC 2 certification does Hum Capital hold?
Hum Capital is currently SOC 2 type 1 certified.
Is Hum planning to move to SOC 2 type 2?
We may pursue SOC 2 type 2 certification in the future, but do not currently have type 2 certification.
Why does it matter that Hum is SOC 2 certified and compliant?
Private data provided by our customers is core to Hum’s ability to provide services via our Intelligent Capital Market. We believe data privacy and security is critical to protecting the interests of our customers and obtaining SOC 2 compliance demonstrates our commitment to the highest standards of information security.
The SOC 2 compliance requirements, which are put to the test in an on-site audit, ensure that sensitive information is being handled responsibly. Organizations that implement the necessary controls are therefore less likely to suffer data breaches or violate users’ privacy. This protects Hum, and the data customers provide to us, from potential data breaches that could result in business or reputational damage.
How does this all fit into Hum’s data privacy policies?
Hum takes privacy and data security very seriously. Our data privacy and measures are built on the following approach:
- Built to keep your data safe and secure: Hum keeps your data secure. We take data privacy very seriously, and companies and investors always have strict control of what data they share with others on our platform.
- Fortified, multi-layered encryption: All sensitive information is rigorously protected with the same world-class encryption and security protocols as service providers like Google.
- Powered by world-class infrastructure: Hum is built on Amazon Web Services, and we follow their published identity and access management practices across our platform.
Having SOC 2 certification is a third-party validation that our approach is rigorous and secure. SOC 2 looks at Hum’s overall infrastructural design of how we collect and use client data to ensure that it is robust and not subject to high risk of data breach or misuse. It also looks at our auditing process for how we use this data, ensuring that we are continuously adhering to these standards and identifying any instances that warrant investigation.
Are there additional resources where I can learn more about SOC 2?
To learn more, you can reference the complete guidelines for SOC 2 as outlined by the AICPA.
Who do I contact if I have further questions?
If you should have any further questions, please feel free to reach out to support@humcapital.com