Operational Excellence

SlideHub is now SOC 2 compliant

SlideHub is now SOC 2 compliant - a security standard.

An independent auditor has tested and reviewed our systems, policies, data structure, potential vulnerabilities and everything else related to security, and SlideHub passed with A+ grades.



Below you can read more about what SlideHub complies with and our future ambitions for building an even more secure platform.

What is SOC 2

SOC 2 is an auditing procedure that ensures we securely manage your data to protect the interests of your organization and the privacy of your clients.

How did we get it

SOC 2 certification is issued by outside independent auditors - we used Johanson Group LLP. They assess the extent to which a vendor (SlideHub) complies with one or more of five trust principles, based on the systems and processes in place:


Security (also known as Common Criteria): The security principle refers to the protection of system resources against unauthorized access.

Availability: The availability principle refers to the accessibility of the system, products or services as stipulated by a contract or service level agreement (SLA).

Confidentiality: Data is considered confidential if its access and disclosure are restricted to a specified set of persons or organizations.

Processing integrity: The processing integrity principle addresses whether or not a system achieves its purpose (i.e., delivers the right data at the right price at the right time). Accordingly, data processing must be complete, valid, accurate, timely and authorized.

Privacy: The privacy principle addresses the system's collection, use, retention, disclosure and disposal of personal information in conformity with an organization's privacy notice, as well as with the criteria set forth in the AICPA's generally accepted privacy principles (GAPP).


Besides complying with the above, SlideHub has conducted a penetration test.

A penetration test, often referred to as a "pen test", is an authorized assessment conducted by highly specialized third-party security experts - in our case we used Rhymetec - to discover and report on vulnerabilities and attack paths in your networks, systems and applications. Pen testers use the same tools as attackers, but for a good cause.

 

A company needs to remediate the high-risk findings as soon as the pen testers report them, to reduce the attack surface before attackers exploit them.

Penetration testing is required to meet auditors' requirements by most security certifications, such as ISO 27001, and attestations, such as SOC 2, and to comply with cybersecurity and privacy laws such as HIPAA or industry-specific regulations such as PCI.


What is next

The SOC 2 Type I Certification that SlideHub has is based on a snapshot in time.

Once we have demonstrated SOC 2 compliance for more than 6 months, we will be granted SOC 2 Type II Certification, which shows that we are compliant over a long duration instead of at a snapshot in time.

 

SlideHub expects to be SOC 2 Type II compliant by October 2022 and will continue to invest in security in the future.

Sources:

https://www.imperva.com/learn/data-security/soc-2-compliance/

https://www.vanta.com/blog/penetration-testing-101

Published by Rune Johansen
2022-05-18