Security is Everything: Our SOC 2 Journey (with our partner Vanta)

By: Danielle Farage

Feb 05, 2021

Last year, we went through the SOC 2 process (with our partner Vanta), and we wanted to share a little bit about our experience receiving our certification, and how we’re thinking about security at Wade & Wendy through – what else – the power of conversation (with the Vanta team).

Why is security important at Wade & Wendy and what made you set out to get your SOC 2?

At Wade & Wendy, we realize that the journey to finding the right job for the right candidate is a personal one. Everyone involved in the recruiting process, both candidates & companies, deserves only the most reliable security of their personal data. 

This is the motivation behind Wade & Wendy’s recent completion of its Service Organization Control (SOC) 2 Type II examination by an independent, third-party auditor.

And what exactly is the SOC 2 Type II report?

A SOC 2 report is a way for a company to prove that its declared security, confidentiality, privacy, processing integrity and availability policies are appropriate. The Type II report is one that a company gets after operating for a period of time, showing that it has a proven record of following the necessary security procedures without any breaches.

If it’s only common for larger companies to get a SOC 2, why would Wade & Wendy get one?

Our decision to receive the SOC 2 Type II is tied to our proactive approach to security and compliance. It enables us to not only ensure that our systems are in compliance today, but tomorrow as well. Privacy, integrity of data, confidentiality – these values are built into Wade & Wendy’s DNA. For us, the security of our users is NOT an afterthought, it’s built into our technology from the start.

How did you approach the audit process? Would you advise others to do the same?

We had always thought about getting our SOC 2 report, but it wasn’t until 2020 that the right time for it came along. We found Vanta, and the audit process was as low-touch as possible from the start. Vanta’s platform automated a lot of the journey: aggregating evidence in a succinct format, monitoring policies & procedures, and even suggesting additional relevant controls to implement and provide evidence for.

Any key takeaways/lessons learned that can help the next company get through their SOC 2?

It’s never too early to start building great security, compliance, and business hygiene for your org. Half the battle is in the details: setting up the recurring meetings on your calendar, writing up and following the right processes (which Vanta is extremely helpful with), keeping your records clean and easy to access, setting up the appropriate tracking and validation (again: Vanta is super helpful here, and works in conjunction with a ton of out-of-the-box tools from places like Amazon).

The other big piece is making security – and good practice – part of your company’s DNA. We make sure our team (and our clients) understand the why: why we care so much about protecting everyone’s data, why we follow the protocols we do, and the real human impact that those daily decisions can make. It’s why security and compliance have been built into our platform from day one: before we even thought about SOC 2. That, admittedly, made this a lot more fun 🙂
