Recon InfoSec Receives SOC 2 Type II Certification

Mar 9, 2022 9:24:51 AM / by Eric Capuano

At Recon, we are committed to meeting the security demands of the evolving threat landscape and exceeding the expectations of our customers. We follow best practices, including Google's BeyondCorp approach to "Zero Trust," across our entire infrastructure. Our security philosophy is, "we must always be the most secure part of any organization that we may ever work with." This has enabled us to be a strong, trusted advisor and service provider to our customers and channel partners.

We recently decided to pursue third-party validation of our security posture by obtaining SOC 2 Type II Certification. We are thrilled to announce that we have achieved this certification.

What is SOC 2 Compliance?

SOC 2 (Systems and Organization Controls 2) is a security framework that specifies how organizations should protect customer data. Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

The difference between SOC 2 Type I and Type II is substantial. Type I only measures your compliance at a single point in time, whereas Type II assesses your compliance over a period of time. Many organizations pursue Type I first to make sure they are ready for an eventual Type II audit. To demonstrate our unwavering commitment to maintaining the highest security posture at all times, we made the decision to skip straight to Type II, and we are humbled and pleased to have achieved it on the first attempt without a single exception.

Want to learn more? Check out this SOC 2 Compliance Checklist from Vanta.


A Tall Order for an Agile Startup

Achieving SOC 2 certification is no small feat. Many startups may feel it is out of reach because of the time and resources it takes to prepare for and endure the audit process. Our secret weapon for reducing friction was the Vanta platform, combined with a top-notch audit firm that works closely with Vanta users, which made evidence collection and sharing much easier throughout the audit.


Vanta For the Win

Vanta was a crucial piece of the puzzle for us because it enables a small team to keep up with the overwhelming number of controls and tests that must be monitored to achieve and maintain compliance.

"Achieving a SOC 2 is a major milestone for any organization interested in improving their security - and proving that security posture to customers or prospects. But the cost and time associated with pursuing a SOC 2 can pose a daunting challenge for fast-growing startups. Vanta streamlines the process by automating the collection of up to 90% of the evidence companies need to prove their compliance, and providing clear guidance for and one place to upload the rest. All told, Vanta helps startups prep for SOC 2 audits in weeks rather than months."

Choosing a Solid Audit Partner

When choosing an audit firm, one of the most important considerations for us was picking a team that was already familiar with our platform (Vanta), to enable a smooth and frictionless audit. This would eliminate the need for a never-ending back-and-forth via email exchanging the countless pieces of evidence needed for an audit.

After interviewing multiple Vanta "approved" audit firms, we chose Johanson Group LLP and could not be happier with the result. The Johanson team was fast, efficient, and professional throughout the entire process. They helped us achieve our compliance objectives on a very aggressive timeline, without adding unnecessary delays or hurdles.

Johanson Group LLP combines deep experience with a strong commitment to personal service. Clients who work with us quickly realize that we are committed to their success and they receive great service and solutions as a result. Extensive knowledge and individualized attention from experts who are committed to quality, integrity, and professionalism are key elements in how we serve each client.

Tags: InfoSec, Defense, Compliance

Written by Eric Capuano

Eric is the CTO and co-founder of Recon InfoSec. He is also a certified SANS instructor of Digital Forensics and Incident Response, and a former Cyber Warfare Operator in the Texas Air National Guard.