We are proud to announce that we have successfully completed our SOC 2 Type 1 and HIPAA attestation examinations!
But what does this really mean? Let’s talk about SOC 2. You might have noticed that your customers love to ask if you are ‘SOC 2 compliant,’ but you might not really know what that means. Or maybe you are the one who asks your vendors this question. You might just know that somewhere down the line, your security team is going to need a copy of the report. First of all, ‘SOC’ stands for Service Organization Controls. This is one of the most widely recognized sets of standards for security.

One of the main motivations behind us reaching this goal at Catalytic was our customers, as SOC 2 is highly valued (and in some cases, required) by companies of all sizes and industries. Equally important was our management’s dedication to excellence and quality. For a 3-year-old startup, we are lucky to have a team that values security and knows the importance of having a strong compliance framework.
Our audit reports describe our systems and tell us that our internal controls are suitably designed. They help the reader learn about and trust us, and they demonstrate that we have policies and procedures in place to ensure we are maintaining a secure environment while keeping our commitments to our customers.
We are happy that our reports have a clean auditor’s opinion, but to take it a step further, we actually did not have any exceptions, or findings, on our final reports! As an auditor with about 8 years of experience under my belt, I know that this is pretty rare. We can attribute this excellent result to our approach of investing in security early, and to a thorough audit readiness assessment that our compliance team worked very hard to prepare for.
In the words of our auditors: “Catalytic was very proactive in engaging with our team throughout their readiness preparation and diligently leveraged our planning guidance that paved the way for a well-orchestrated and successful examination. Coupled with their promotion and desire for a strong internal control environment, Schellman was able to conduct multiple assessments seamlessly and effectively.” -Rob Tylka, Senior Manager at Schellman & Company, LLC
This is an important milestone for Catalytic and we are excited to move forward with our security program - we also can’t wait to continue to share what we’re learning along the way!