TerraTrue, an innovator in privacy, today announced that it had achieved SOC 2 Type 2 compliance per the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that TerraTrue provides enterprise-level security for customer data secured in the TerraTrue Platform. TerraTrue was audited by Prescient Assurance, a security and compliance attestation leader for SaaS companies worldwide.

“Data security is a fundamental element of TerraTrue's commitment to protecting sensitive user information and privacy,” said Jad Boutros, Co-Founder and CEO of TerraTrue. “We are proud to say that we have successfully demonstrated a mature and reliable commitment to protecting our customers' data. A SOC 2 Type 2 audit report attests to TerraTrue's current and future customers that we manage their data with the highest standard of security and compliance. We focus on the privacy and security of our customers' data so that they can focus on their customers.”

What is a SOC 2 Type 2 Report?
A SOC 2 Type 2 Report is a Service Organization Control (SOC) audit on how a cloud-based service provider handles sensitive information. It covers the suitability of a company's controls and its operating effectiveness. These audits provide an objective quantitative assessment that the company conforms to AICPA's SOC framework and manages its customer data in a controlled and audited environment.

A sample of some controls covered in a SOC 2 Type 2 include:

• Communication of changes to customers
  
• Internal access control to production environments
  
• System monitoring and ongoing risk assessments
  
• Disaster recovery and data backup
  
• System and security monitoring and incident response processes
  
• Employee onboarding and termination processes
  

A SOC 2 Type 2 assessment is evidence that an organization is implementing the security controls they say they are and that those controls are working correctly to protect data. Without eyes and ears across the cloud, it is difficult to assess how secure information is in the hands of third-party vendors. A SOC 2 Type 2 report offers peace of mind for customers and partners.

Resources

• Follow TerraTrue on LinkedIn
  
• Follow TerraTrue on Twitter
  
• We're hiring – join the team
  
• #ShiftLeftPrivacy
  

About TerraTrue
TerraTrue empowers teams to build privacy and security into everything they do through a collaborative, intuitive, and scalable platform. Purpose-built to work with modern product development, TerraTrue seamlessly captures structured data about how teams plan to collect, use, store, and share data. The platform then maps that digital blueprint to the world's privacy laws to automate guidance, risk-flagging, and downstream data maps and reports. Sitting as a hub between product teams and review teams, TerraTrue also smartly routes rule-based workflows throughout an organization, automatically detects and reports infrastructure changes in cloud environments, and drives vendor management — all from the same single source of truth. Using TerraTrue, companies run a scalable, fast pre-deployment privacy program that eliminates spreadsheets, manual ad-hoc processes, and compliance bottlenecks. TerraTrue was founded in 2018 by former Snap execs and is backed by, among others, 3L Capital, Anthos Capital, and Chris Sacca. Modern brands like Lyft, Robinhood, Roku, and Foursquare are shifting left to get privacy right with TerraTrue.

# # #

— WebWireID292508 —