Why SOC 2 Compliance is a Must-Have for Your Capital Partner

When it comes to your company’s finances, security is key. Protecting your data and financial information is a top priority, and—whether you’re a Pipe customer or one of our embedded capital partners—it’s our top priority, too. That’s why we’re excited to share about our recent SOC2 Type II completion and why it matters.

At Pipe, we’re committed to keeping our customer’s data safe while helping them access capital to grow on their terms. To guarantee that our systems and processes align with this goal, we turned to external experts for an independent review. A SOC 2 report is the result of that review.

What is a SOC 2 report?

Obtaining a System and Organization Controls (SOC) 2 report is one way for a service organization to prove the security of its digital environment. Completing a SOC 2 examination through an accredited third-party auditor does not result in a certification. Instead, the resulting CPA’s report is an independent attestation, not unlike an external financial audit. It’s a tool to help an organization communicate whether the internal controls governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.

In simpler terms, a SOC 2 report helps current and potential stakeholders assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably. And while our security team loves to burn the midnight oil (looking at you, Kyle*), it’s these processes that truly work 24/7 to keep your data safe.

* Our fearless Manager of Infrastructure & Security, Kyle Polley

Why SOC 2 matters and why we went through this process at Pipe

Completing a SOC 2 examination is a big step for any company. It demonstrates your commitment to data security and ensures that you’re prepared to face the challenges of the ever-changing cybersecurity landscape.

"Pipe’s SOC 2 report not only confirms the robust controls we've set up but also stands as a testament to our formidable technical infrastructure and our unyielding promise to 

prioritize and fortify security across our IT processes, ensuring the safeguarding of our customers' data," shared Namrata Ganatra, CPTO at Pipe.

What does a SOC 2 report include?

SOC 2 assessments are overseen by certified CPA entities. An auditor tests the effectiveness of the organization's internal controls and then maps those controls to one or more Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). 

For Pipe, these vital criteria encompass:

• Security: The system is protected against unauthorized access (both physical and logical).

• Availability: The system is available for operation and use as committed or agreed.

• Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.

• Confidentiality: Information designated as confidential is protected as committed or agreed.

• Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.

A SOC 2 report's breadth can fluctuate based on the time frame examined.

• SOC 2 Type I evaluates organizational controls at a specific moment and lists the tested controls.

• SOC 2 Type II assesses the controls over a period of time, typically between three and 12 months, cataloging both the examined controls and the auditor's findings. 

As a part of our commitment to the highest levels of security, Pipe's recent SOC 2 Type II report spanned from June 1, 2023, to August 31, 2023, and included all five of the criteria listed above. 

Where can I go for more information?

Our auditing partner, BARR Advisory, has provided a detailed breakdown of how to read a SOC 2 report, including where to find the most important and relevant information for your situation.

Current and prospective customers interested in obtaining a copy of Pipe’s latest SOC 2 report can reach out here. 

Last but certainly not least, a big thank you to everyone in Engineering, Security, and IT for their diligence and thoughtfulness in keeping our customers safe.