Achieving SOC 2 Type 2: Our Exemplary Commitment to Cybersecurity

When it comes to choosing the right vendors for your company, especially when they're the ones dealing with some of your most sensitive data, there is a question you should always ask as a decision-maker: “How serious are you about the security of your customers' information?”

At Upflow, we store and process the revenue data of our merchants, the list of their customers, details on their business relationships and communications. Thus, from day one, the answer to that question has always been "uncompromising". It’s not about impressing our clients; it's about doing the right thing so they can fully (and trustfully) focus on managing and improving their cash collection with Upflow.

But once we’ve acknowledged this fundamental principle, you may be uncertain about the best way to assess our commitment to securing your financial data and protecting your business transactions.

For this reason, it’s always been crucial for us to align our operations with the SOC 2 information security standard, and we’re happy to share that we’ve recently validated our effort by obtaining our SOC 2 Type 2 compliance report. And because we strive for excellence, the report comes with no exception (or non-conformity). Put simply, it's a demonstration that we dedicate significant efforts across our organization and successfully invest on the security, confidentiality, integrity and availability of our services. It shows that we’re aligned with best-in-class companies to keep your data safe.

What is SOC 2?

SOC 2 (Service Organization Control 2) is a widely recognized auditing standard regulated by the American Institute of Certified Public Accountants (AICPA). SOC 2 audits are conducted to assess the level of maturity of service organizations, notably cloud service providers, regarding their information security protocols and safeguards implemented to protect their services and the data of their customers. It involves independent auditors who are qualified to evaluate and attest to the effectiveness of an organization's internal controls.

What is a Type 2 report?

A SOC 2 Type 2 report is a comprehensive evaluation that assesses how effectively the service organization's controls work over a period of time, typically 4 to 6 months. It provides an independent auditor's opinion on whether the controls are not only designed, but also operated well enough to meet the trust principles of SOC 2.

Unlike a Type 1 report, which only assesses the design of controls at a specific moment, a Type 2 report shows how well the controls were implemented and operated over a lengthy period of time. This report assures stakeholders that the service organization consistently maintains effective controls and safeguards sensitive data.

What’s next?

Complying with SOC 2 is a means, not an end. We constantly strive at challenging and improving the security posture across our organization, making sure we cover emerging threats and keep protecting our customers’ data adequately.

If you want to learn more about the cybersecurity measures we put in place to ensure the confidentiality, integrity and availability of our service and customers’ data, see our security page and FAQ, or feel free to reach out so we can discuss.