Following an extensive audit to validate the efficacy of our governance, risk management, and compliance controls, Team Tikit is excited to announce the latest in furthering our commitment to keeping our customers and company safe at the highest possible level. We received a clean SOC 2 Type 2 attestation report, once again validating our best-in-class security and privacy commitment. We previously completed our first SOC 2 Type 1 report in 2022, and this SOC 2 Type 2 report builds upon that initial report.
SOC, which stands for Systems and Organizational Controls, was created by the American Institute of Certified Public Accountants (AICPA, now AICPA & CIMA). It is a framework designed to cater to a diverse range of organizations seeking comprehensive insights and confidence in the controls implemented by a service organization. These controls specifically address the security, availability, and processing integrity of the systems employed by the service organization for handling user data, as well as the confidentiality and privacy of the information processed through these systems.
As more organizations seek to process sensitive and confidential customer data with cloud-based products, such as Tikit, it is crucial that this is done in a way that ensures customer data remains safe.
For our audit, we chose to work with Drata, whose automated compliance platform continuously monitors our internal security controls against the highest possible standards. With Drata, we have real-time visibility across the organization to ensure the end-to-end security and compliance posture of our systems.
Our audit was conducted by Sensiba LLP, a nationally recognized CPA firm registered with the Public Company Accounting Oversight Board. This report provided by Sensiba LLP affirms that Cireson’s information security practices, policies, procedures, and operations meet the rigorous requirements of the SOC 2 Trust Service Criteria.
How We’re Working to Keep Tikit Safe
Continuous Security Control Monitoring
Tikit uses Drata’s automation platform to continuously monitor more than 100 security controls across the organization. Automated alerts and evidence collection allow us to confidently prove our security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.
Our organization takes training and security awareness very seriously. All employees are required to complete at minimum an annual security awareness training course and are expected to always demonstrate best practices when handling customer data.
Penetration Tests & Vulnerability Scans
We work with industry-leading security firms to perform monthly network and application layer penetration tests. In addition, all Tikit components are evaluated on their exposure to known system vulnerabilities.
Secure Software Development
Tikit utilizes a multitude of code security and vulnerability tools throughout the software development lifecycle and QA process. These tools help identify and mitigate potential vulnerabilities in the codebase, ensuring that applications and software remain protected against security breaches and attacks. Additionally, these tools aid in enforcing coding best practices and industry standards, improving the overall code quality and maintainability.
Data encryption plays a crucial role in safeguarding sensitive information in today’s interconnected world. Data stored by and flowing through Tikit is encrypted both in transit and at rest. Encryption in transit refers to the process of encoding data as it travels between devices or servers over networks, such as the internet. This encryption ensures that even if intercepted, the data remains unreadable and secure from unauthorized access. Data encryption at rest involves encrypting data stored on physical devices, databases, or cloud storage. In the event of a data breach or physical theft, encrypted data remains protected. Employing robust encryption techniques for both data in transit and at rest provides a strong defense against potential cyber threats, ensuring the confidentiality, integrity, and privacy of sensitive data throughout its lifecycle.
Vulnerability Disclosure Program
If you believe you’ve discovered a bug in Tikit’s security, please get in touch with us at SecAdmin@cireson.com. Our security team promptly investigates all reported issues and seeks to resolve them ASAP.
Our full press release about this announcement is available here. You can read more about our security and privacy standards and certifications on our security page. We encourage all customers and prospects who are interested in learning more about our commitment to security and reviewing our SOC compliance reports to contact us at SecAdmin@cireson.com.
In an effort to provide our customers with all the assurances they need for the utmost peace of mind, we’re actively working on improving and extending our security posture even more. We look at our SOC 2 Type 2 attestation as a robust foundation paving the way for us to conquer additional compliance frameworks like HIPAA, GDPR and the ISO 27000 series. Exciting things are on the horizon, so stay tuned for more updates!