We’re thrilled to announce our SOC 2 Type II certification as part of our ongoing commitment to providing you the highest level of security assurance.
When you use Gorgias, we know that you’re putting your trust in us. That’s why we hold our commitment to your security as our highest priority and safeguard your data with full transparency. Our security policy covers penetration testing, an incident response plan, the data lifecycle, a comprehensive live system status report, and more.
Today, we’re happy to announce that Gorgias is now Service Organization Control (SOC) 2 Type 2 compliant. This achievement follows our numerous investments in platform security over the years as part of our goal to secure customer data.
An independent auditor conducted a thorough audit of our servers, systems, and products over six months. They verified that our information security practices, policies, procedures, and operations meet the thorough SOC 2 standards for security, availability, processing integrity, confidentiality, and privacy (also called the five trust service principles).
This industry-wide recognition serves as our reassurance that your data is managed in a controlled and audited environment.
What is SOC 2 Type II Compliance?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for evaluating how well a company manages customer data and for ensuring that a set of security controls is in place. A SOC 2 report is unique to each organization because it’s in line with specific business practices.
There are two types of SOC 2 reports: Type I and Type II. Type I checks if a system can handle issues like data breaches. Meanwhile, Type II examines how the system works and how effective it is at protecting data against security threats.
What Does Our SOC 2 Type 2 Compliance Mean for You?
Our completion of the SOC 2 Type II audit is our testament to the fact that we always prioritize your data security and privacy. We appreciate your trust in us and strive to strengthen this trust in the long term.
You can be sure that:
- The data you share with Gorgias meets the AICPA standards for security. That goes for your personal information, ticket inquiries, customer data, and the like.
- Your data is protected with procedures and controls to assess, minimize, and eliminate risks and vulnerabilities.
- We always conduct ongoing monitoring of features and processes across our platform to maintain security.
We hope our successful SOC 2 Type 2 audit helps you rest easy knowing that your data in Gorgias is secure. But this update is only the latest milestone in delivering on our commitment. We’re continuing to improve our security controls and data privacy practices for all merchants. To learn more about our security policies, visit our security page or contact us at [email protected].