Security is Everything: Our SOC 2 Journey (with our partner Vanta)
Feb 05, 2021
Last year, we went through the SOC 2 process (with our partner Vanta), and we wanted to share a little bit about our experience receiving our certification, and how we’re thinking about security at Wade & Wendy through – what else – the power of conversation (with the Vanta team).
Why is security important at Wade & Wendy and what made you set out to get your SOC2?
At Wade & Wendy, we realize that the journey to finding the right job for the right candidate is a personal one. Everyone involved in the recruiting process, both candidates & companies, deserves only the most reliable security of their personal data.
This is the motivation behind Wade & Wendy’s recent completion of its Service Organization Control (SOC) 2 Type II examination by an independent, third-party auditor.
And what exactly is the SOC2 Type II report?
A SOC2 report is a way for a company to prove that its declared security, confidentiality, privacy, processing integrity and availability policies are appropriate. The Type II report is one that a company gets after operating for a period of time, showing that it has a proven record of following the necessary security procedures without any breaches.
If it’s only common for larger companies to get a SOC2, why would Wade & Wendy get one?
Our decision to receive the SOC2 Type II is tied to our proactive approach to security and compliance. It enables us to ensure that our systems are in compliance not only today, but tomorrow as well. Privacy, integrity of data, confidentiality – these values are built into Wade & Wendy’s DNA. For us, the security of our users is NOT an afterthought; it’s built into our technology from the start.
How did you approach the audit process? Would you advise others to do the same?
We had always thought about getting our SOC2 report, but it wasn’t until 2020 that the right time for it came along. We found Vanta and the audit process was as low-touch as possible from the start. Vanta’s platform automated a lot of the journey: aggregating evidence in a succinct format, monitoring policies & procedures, and even suggesting additional relevant controls to implement and provide evidence for.
Any key takeaways/lessons learned that can help the next company get through their SOC2?