CAKE has reinforced the company’s commitment to its customers’ security by successfully achieving all applicable Service and Organization Control (SOC) certifications. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), SOC compliance signifies CAKE’s ongoing dedication to ensure the safety of our customers’ data, enabling organizations to achieve excellence with data-driven insights. For all of the applicable SOC reports, CAKE conducts annual audits under the supervision of AICPA, to ensure we maintain our compliance status.
What are SOC reports?
SOC for Service Organizations reports are designed to help companies — that provide services to other entities — build trust and confidence in the service performed and controls related to the services through a report by an independent CPA.
These reports are intended for a broad range of users that require detailed information and assurance about the controls at a service organization. These controls include the security, availability, and processing integrity of the systems the organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
What does this mean for CAKE’s customers and prospects?
By meeting the SOC standards, CAKE delivers on our security and consumer privacy commitments, and protects our clients’ businesses.
CAKE’s certifications and other ongoing efforts such as GDPR and CCPA compliance readiness and our voluntary membership to the Interactive Advertising Bureau Europe’s Transparency and Consent Framework (IAB TCF) demonstrate our continued dedication to protect client data and individual privacy. Verified through an in-depth SOC audit, CAKE customers can be confident that controls and auditing procedures are in place related to data security practices, policies, procedures, and operations.
What is the process for completing SOC certifications?
CAKE begins its official auditing process in Q4 of each year. In preparation, CAKE also conducts internal audits, risk assessments, and quarterly information security meetings throughout the year. These internal check-ins ensure that the CAKE team is effectively enforcing its security controls throughout the entire year and that every aspect is documented for the audit process. The audits, include investigation into the various controls CAKE has in place, plus gathering documentation and samples from every department. The audits can span over several months and CAKE’s reports are normally available in Q1 of the following year.
What are the SOC certifications CAKE has completed?
SOC 2 Certifications
- Type 1 SOC 2: Reports on management’s description of a service organization’s system and the suitability of the design of controls.
- Type 2 SOC 2: An audit designed to ensure service providers are properly managing their data, in the interest of both the organization and client. The audit reports on controls relevant to security, availability, processing integrity, confidentiality, and privacy. After completing Type 2 SOC 2, CAKE was confirmed as having the proper controls in place and recorded in order to confidently do business with our clients while protecting their data.
SOC 1 Certification
- Type 2 SOC 1: Our most recent SOC certification, Type 2 SOC 1, provides assurance that CAKE’s controls over financial reporting are safe and secure. Furthermore, the Type 2 report validates that CAKE has effectively implemented these controls over a 12-month period.
Other ways CAKE protects data and eliminates privacy concerns.
- CAKE Completes GDPR Compliance Readiness
- CAKE Completes CCPA Compliance Readiness
- CAKE Security Settings to Protect Your Platform
- Interactive Advertising Bureau Europe’s Transparency and Consent Framework (IAB TCF) Membership
To learn more about the processes and controls CAKE has in place please reach out to our team at firstname.lastname@example.org.