Why SOC 2 Compliance is a Must-Have for Your Capital Partner
Find out what a SOC 2 review covers and why it's crucial for an embedded finance partner.
By Pipe 3 Min Read — November 2, 2023
When it comes to your company’s finances, security is key. Protecting your data and financial information is a top priority, and—whether you’re a Pipe customer or one of our embedded capital partners—it’s our top priority, too. That’s why we’re excited to share about our recent SOC2 Type II completion and why it matters.
At Pipe, we’re committed to keeping our customer’s data safe while helping them access capital to grow on their terms. To guarantee that our systems and processes align with this goal, we turned to external experts for an independent review. A SOC 2 report is the result of that review.
What is a SOC 2 report?
Obtaining a System and Organization Controls (SOC) 2 report is one way for a service organization to prove the security of its digital environment. Completing a SOC 2 examination through an accredited third-party auditor does not result in a certification. Instead, the resulting CPA’s report is an independent attestation, not unlike an external financial audit. It’s a tool to help an organization communicate whether the internal controls governing the security of customers’, partners’, and stakeholders’ data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report helps current and potential stakeholders assess risk by giving them a closer look at the policies and procedures put in place to ensure the organization’s services are provided safely and reliably. And while our security team loves to burn the midnight oil (looking at you, Kyle*), it’s these processes that truly work 24/7 to keep your data safe.
* Our fearless Manager of Infrastructure & Security, Kyle Polley
Why SOC 2 matters and why we went through this process at Pipe
Completing a SOC 2 examination is a big step for any company. It demonstrates your commitment to data security and ensures that you’re prepared to face the challenges of the ever-changing cybersecurity landscape.
"Pipe’s SOC 2 report not only confirms the robust controls we've set up but also stands as a testament to our formidable technical infrastructure and our unyielding promise to
prioritize and fortify security across our IT processes, ensuring the safeguarding of our customers' data," shared Namrata Ganatra, CPTO at Pipe.
What does a SOC 2 report include?
SOC 2 assessments are overseen by certified CPA entities. An auditor tests the effectiveness of the organization's internal controls and then maps those controls to one or more Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
For Pipe, these vital criteria encompass:
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
A SOC 2 report's breadth can fluctuate based on the time frame examined.
SOC 2 Type I evaluates organizational controls at a specific moment and lists the tested controls.
SOC 2 Type II assesses the controls over a period of time, typically between three and 12 months, cataloging both the examined controls and the auditor's findings.
As a part of our commitment to the highest levels of security, Pipe's recent SOC 2 Type II report spanned from June 1, 2023, to August 31, 2023, and included all five of the criteria listed above.
Where can I go for more information?
Our auditing partner, BARR Advisory, has provided a detailed breakdown of how to read a SOC 2 report, including where to find the most important and relevant information for your situation.
Current and prospective customers interested in obtaining a copy of Pipe’s latest SOC 2 report can reach out here.
Last but certainly not least, a big thank you to everyone in Engineering, Security, and IT for their diligence and thoughtfulness in keeping our customers safe.
Disclaimer: Pipe and its affiliates don't provide financial, tax, legal, or accounting advice. What you're reading has been prepared for knowledge-sharing and informational purposes only. Please consult your financial and legal advisors to determine what transactions and decisions are right for you and your business.
Share this article
October 31, 2023 — 18min read
The Definitive Guide to Growth Marketing: Prioritizing, Automating, and Experimenting for Success
18min —October 31, 2023
October 6, 2023 — 11min read
Business financial planning and budgeting to make the most of your capital
11min —October 6, 2023