At Hum, we aim to set the highest standards for technological excellence and are proud to announce we’re becoming SOC 2 Compliance Certified! We believe that the SOC 2 Certification should be a prerequisite and essential standard for any software supplier that is handling complex personal and proprietary data. 

In June 2021, we began our SOC 2 certification with a thorough systems and processes audit. We're going above and beyond to protect the way our organization handles data and access to sensitive information. When you install Hum, rest assured your data will be fully protected. 

Keep reading for exclusive insights into this process, the benefits, and what it means for our clients! 

What Is The SOC 2 Certification?

The Service Organization Control (SOC 2) Certification is a framework created by the American Institute of CPAs (AICPA). It is an in-depth external audit that scrutinizes a company's information systems to ensure they meet the AICPA's five trust principles:

  1. Security - Information systems are protected against unauthorized access, unauthorized disclosure, and damage that could affect the entity's ability to meet its objectives.
  2. Confidentiality - Information designated as confidential is protected to meet the entity's objectives.
  3. Availability - Information and systems are available for operation and use to meet the entity's objectives.
  4. Processing integrity - System processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives.
  5. Privacy - Personal information that could be considered sensitive or private is collected, used, retained, disclosed, and disposed of according to the entity's objectives.

With this important compliance step, Hum joins companies like Microsoft and Amazon, which have obtained SOC 2 reports to prove their dedication to protecting their customers' data.

Hum prioritizes best practices for securing your member data. We decided this certification was important, not only for displaying our company's core values for privacy and integrity, but also to reflect trustworthiness in supporting your complex data requirements. 

As associations grow their membership via data-driven strategies, they should look for partners that prioritize data safety. In addition to Hum's content and audience intelligence features, data protection is a benefit offered to all our clients.

Type I vs. Type II SOC 2 Certification 

Before undergoing a SOC 2 audit, a company must decide which type of report it wants. Hum is undergoing the more involved Type II process, which offers a more comprehensive level of assurance.

Type I

A Type I report audits the design of controls at a particular moment in time, like a snapshot. This option is:

  • Faster
  • Less comprehensive
  • Less prestigious, with less impact on credibility, because it covers only a moment in time (no proof that you can sustainably protect an entity from a data breach).

Type II 

A Type II report provides long-term proof that data security controls operate effectively over a sustained period. It covers the plans for implementing and testing continuous procedures to prevent security breaches. This option is:

  • An ongoing process
  • More comprehensive 
  • More credible, because you are proving the ongoing ability to protect data beyond a mere "snapshot."

The Process

We're using Vanta's service to become certified. As a company that supports HIPAA and ISO compliance on top of SOC 2 certification, Vanta meets our high standards of quality and security.

The process looks like this:

  1. Develop a list of all security controls in place and create new policies where needed
  2. Inventory everything we are responsible for (all hardware, laptops, etc.)
  3. Monitor all inventory for vulnerabilities
  4. Assess all vendors
  5. Test the output and conduct dry runs
  6. Simulate a disaster drill and conduct a recovery analysis
  7. Implement new practices based on the newly gathered evidence
  8. Conduct the formal audit
  9. Receive a final report that explains the system's adherence to the AICPA security controls
  10. Adapt accordingly based on the results in the final report

One of the reasons we chose Vanta is that they allowed us to build controls adapted to our company and test them continuously to verify that our infrastructure and physical security stayed within compliance. They also offered guidance on any weak areas before the audit, ensuring we had the tools to succeed before the auditor officially scrutinized our systems.

The Hum Difference

As a technology start-up, we are committed not only to building a tool that helps you future-proof your organization, but also to building a foundation in data security, which is just as critical.

If you found this piece inspiring, check out our blog, where we share thought leadership on best practices for associations operating in digital environments. 

If you're ready to take your digital experiences to the next level, contact us to request a demo. We look forward to offering data-driven solutions to your digital hurdles and helping you evolve into a digital-first organization!