I am proud to announce that CAKE has successfully achieved all applicable Service and Organization Control (SOC) certifications for the current year, reinforcing the company’s commitment to our customers and the security of their businesses. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), SOC compliance signifies CAKE’s ongoing dedication to the safety of our customers’ data.

SOC Reports Explained

SOC reports are designed to help companies that provide services to other entities build trust and confidence in the services provided and controls related to the services through a report by an independent CPA.  For all of the applicable SOC reports, CAKE conducts annual audits under the supervision of AICPA to ensure we maintain our compliance status.

There are two main kinds of reports used in SOC audits: Type 1 reports and Type 2 reports.  A Type 1 report tests the organization’s controls at a single point in time; a Type 2 report tests both the design and the operating effectiveness of an organization’s controls over a period of time, typically six to 12 months.  These reports are valuable for users who require detailed information and assurance about the controls at a service organization, which include the security, availability, and processing integrity of the systems the organization uses to process user data and the confidentiality and privacy of the information processed by these systems.

SOC reports offer important insight into:

• Oversight of the service organization
• Vendor management programs
• Internal corporate governance
• Internal risk management processes
• Regulatory oversight

The SOC Certification Process

CAKE begins its official auditing process in Q4 of a given year.  In preparation, CAKE conducts internal audits, risk assessments, and quarterly information security meetings throughout the year.   These internal check-ins ensure that the CAKE team is effectively enforcing its security controls throughout the entire year and that every aspect is documented for the audit process.   The audits include investigation into the various controls CAKE has in place in addition to gathering documentation and samples from every internal department.   The audits can span over several months; CAKE’s reports are normally available in Q1 of the following year.

What a Successful SOC Audit Means for CAKE’s Customers and Prospects

By meeting the SOC standards, CAKE delivers on our security and consumer privacy commitments and protects the businesses and investments of our customers.

CAKE’s privacy policies, ongoing compliance efforts, compliance readiness, and voluntary membership to the Interactive Advertising Bureau Europe’s Transparency and Consent Framework (IAB TCF) demonstrate the company’s continued dedication to protect customer data and individual privacy.   Verified through an in-depth SOC audit, CAKE customers can be confident that controls and auditing procedures are in place related to data security practices, policies, procedures, and operations.

CAKE’s SOC Certifications

SOC 2 Certifications

• Type 2 SOC 2:  An audit designed to ensure service providers are properly managing their data, in the interest of both the organization and client.   The audit reports on controls relevant to security, availability, processing integrity, confidentiality, and privacy, confirming that CAKE has the proper controls in place and recorded in order to confidently do business with our clients while protecting their data.

SOC 1 Certification

• Type 2 SOC 1:  Type 2 SOC 1 audits provide assurance that CAKE’s controls over financial reporting are safe and secure.

By achieving a Type 2 report for both SOC 2 and SOC 1, CAKE has validated that the company effectively implemented these controls over a 12-month period.

To learn more about the processes and controls CAKE has in place, please reach out to compliance@getcake.com.