Today PathFactory announced that the company has earned the rigorous SOC2® Type 2 certification, joining the exclusive group of marketing technology companies to complete the most comprehensive version of the audit available. Developed by the American Institute of Certified Public Accountants (AICPA), this certification recognizes the highest standards of data security among SaaS companies and IT-related service providers.
PathFactory’s Intelligent Content Platform collects, creates, and analyzes hundreds of data points about each piece of content in its customers’ content libraries, the people who visit that content, and the quality of the interactions between them. The company is responsible for safeguarding this valuable data on behalf of hundreds of enterprise and mid-market B2B marketing teams around the world who trust PathFactory to help them deliver hyper-personalized content, virtual event, and website experiences.
“Data privacy is extremely important to our customers and we’re doing the right thing to ensure their data is safe. PathFactory’s successful completion of the SOC2 Type 2 audit should reassure our customers that the systems and processes we have in place are of the highest possible integrity,” said Dev Ganesan, President and CEO of PathFactory.
System Organization Control (SOC2) is a technical auditing process used to validate the systems and controls designed by an organization to secure its customer data. To comply with SOC2, organizations must establish rigorous security policies and procedures in accordance with AICPA standards. SOC2 reports are conducted by independent and certified public accountants, who measure the availability, security, and integrity of an organization’s unique data processing systems, and ultimately determine whether effective safeguards and controls are in place. PathFactory’s SOC2 Type 2 audit was completed by a leading Big 4 accounting firm.
The purpose of a SOC2 Type 2 audit is to validate an organization’s ability to protect customer data through effective system design and controls. During the audit process, PathFactory provided evidence for virtually hundreds of controls it has in place to protect its customer’s data. Some of the controls detailed in the expansive Type 2 report include:
- IT infrastructure
- Approval processes
- Internal access to various IT systems and environments
- Procedures to ensure employee integrity, such as references and background checks
- Logical and physical access controls
- System operations
- Change management
- Risk mitigation
PathFactory has committed to participating in annual SOC2 Type 2 audits to ensure its compliance is always verified and up to date. The company also runs yearly vulnerability assessment, penetration testing, web application testing, open-source testing, SAST and DAST testing through an industry-leading security auditing firm, and will continue to assess additional options for compliance mandates and auditing in the future.