Back to blog

Surveil Achieves SOC2 – Here’s What It Means for Secure Cloud Optimisation

3 minute read

Thanks to the dedication and leadership of our Security Team, we’re proud to announce that Surveil is officially SOC2 accredited – but what exactly does that mean?

At Surveil, we recognise the importance of security to our partners and their SaaS customers; after all, without the confidence of great security, it’s pretty tricky to trust any old cloud analytics platform to ingest your data. Fortunately, we’ve had security-by-design in mind since the beginning, building Surveil to be exclusively read-only with multiple, layered controls – including in-transit and at-rest data encryption.

We understand that continuous improvement is a key factor of successful security management – especially as security risks become increasingly sophisticated and more users rely on our platform’s powerful cloud optimisation insights.

In response, we’ve implemented a risk management-orientated programme – led by our Chief Information Security Officer, Laurence Dale – with the aim to continuously implement industry best practice across people, process, and technology.

As part of that programme, we’ve been working to attain a number of certifications, achieving ISO-27001 and Cyber Essentials certification, and now SOC2 – helping to prove our commitment to security and giving Surveil’s partners and users the confidence to depend on our smart cloud optimisation analytics.


That’s Great…But What is SOC2?

SOC2 – or Service Organization Control 2 – is an auditing procedure developed by the American Institute of CPAs (AICPA) to ensure service providers are securely managing data and protecting their clients’ interests, and the clients’ customers’ privacy.

At the heart of SOC2 sit the five Trust Services Criteria, around which the accreditation is organised; Surveil was audited for all five criteria, covering:

  • Security controls, ensuring data is protected against unauthorised disclosure and access.
  • Availability controls, allowing for information to be accessed when required.
  • Confidentiality controls, restricting unauthorised access to confidential information.
  • Processing Integrity controls, ensuring data is being processed with accuracy and in with reliability.
  • Privacy controls, protecting consumer data and aligning to compliance with collection, retention, and disposal requirements.

Best of all, SOC2 is specifically designed for SaaS companies like Surveil – service providers storing customer data in the cloud. By design, aspiring towards SOC2 compliance is a natural fit for us. Want to dive a little deeper? Check out this video from our compliance automation platform providers, Drata.



Why is SOC2 Compliance So Powerful?

Attaining SOC2 compliance isn’t just about having a new badge to show off when talking to our partners and their customers – it offers several crucial benefits, including:

  • Enhanced Security: Because of the strict information and security policies necessary to become SOC2 compliant, it’s an organic path toward reducing the risk of cyber-attacks and data breaches.
  • Increased Trust: Achieving SOC2 compliance also means we’ve demonstrated our commitment to protecting user data – it’s not just paying lip service. That means our partners and their customers can confidently place their trust in us.
  • Proving Commitment: Working towards our SOC2 compliance has brought our security up to another globally recognised standard, and it’s contributed towards the objectives of our Governance, Risk and Compliance (GRC) programme – showing that we’re committed to our continuing security aspirations.

With SOC2 under our belt, we can now look towards the future and achieving compliance with more global frameworks. In the meantime, feel free to visit our Security FAQ and the Surveil Trust Centre to read up on our approach to providing secure cloud optimisation.

Ready to see smart cloud optimisation in action? Get in touch to arrange a demo.

Related articles