OpenSpecimen is now SOC2 Type 2 Certified

“Achieving Type II certification is a big milestone for us. It affirms our commitment to the security, availability, and processing integrity of the OpenSpecimen platform. We are extremely thankful to our internal resources and external support teams who worked hard to achieve this certification,” said Srikanth Adiga, CEO, OpenSpecimen.

OpenSpecimen is now SOC2 Type 2 certified!

Developed by the American Institute of CPAs (AICPA), SOC2 Type 2 certification captures how a company safeguards customer data and how effectively those controls operate over the audit period.

This certification demonstrates our commitment to cybersecurity and securely handling confidential customer data.

It will help us assure our customers that we have taken all necessary steps to keep their data safe, protecting them from potential data breaches.

Our journey toward achieving SOC2 Type II certification

We started the SOC2 certification process in May 2021.

Our first step was to enroll with Vanta. Vanta helps thousands of companies achieve SOC 2, ISO 27001, HIPAA, PCI, and GDPR compliance by automating up to 90% of the work involved.

Vanta is integrated with all our systems, including Google Workspace, AWS, Jira, GitHub, etc. It automatically pulls data from these systems to highlight any security gaps. It also provides document templates for policies and procedures.

Starting in May 2021, we diligently plugged the gaps identified by Vanta and documented our processes.

In July 2021, we enrolled Johanson LLP as our SOC2 auditors to achieve Type 1 certification first, which was completed by December 2021, followed by Type 2 in April 2022.

One big takeaway from this process is that if you follow best practices from an early stage, SOC2 certification is easier to achieve. The documentation process is straightforward: you work through the checklist of items needed for the audit.

What’s next?

Getting certified is only the first step in a continuous process of ensuring customer data security. We aim to perform quarterly security reviews and keep up to date with the ever-evolving security requirements of highly regulated industries.