Compa proudly announces SOC 2 Type 2 compliance – and three lessons learned along the way

Deepening our commitment to trust & security

Building on our already strong foundation of security, we are thrilled to announce we’ve achieved SOC 2 Type 2 compliance. After over six months of policy & procedure implementation and audit monitoring, we’ve learned three important lessons about getting to SOC 2 Type 2 compliance:

1. It’s a heavy lift. The process required an extensive and intensive audit - and, when necessary, creation - of Compa’s policies and practices around information security and privacy. From background checks for new hires to incident response policies to procedures for responding to natural disasters, we’ve implemented industry-leading practices up and down our business to keep your data secure. On top of that, the 6-month audit period demanded policies and procedures to not just exist, but to be robust and resilient.
   

2. It’s doable. Despite at times feeling like an endless slog through Q&A spreadsheets and policy documents, the worst it can fairly be described is tedious; there’s simply a great deal to do (see 1. above). But because of a few great partners who helped guide us, including Secureframe, Safebase, and Prescient Assurance, we achieved this milestone without too much frustration or confusion - especially compared to how burdensome the process was even just a couple years ago. We’re immensely grateful for these partners, as well as our incredible team, who helped accelerate our path to compliance.
   

3. It’s worth it. As we’ve written before, this achievement underscores our foundational belief that compensation data is both deeply personal to candidates and a competitive advantage for companies, and protecting it is our highest priority. We are proud to have the SOC 2 Type 2 seal because we don’t have to tell customers that we’ll keep their data secure – we can show them.
   

Top notch data security is non-negotiable in today’s world. It’s also not something that you do once and move on. Rather, it’s an everyday practice and continuous commitment to the currency of our business, and of yours. We’re proud to be SOC 2 Type 2 compliant, and we’re eager to continue building products that are useful, delightful, and most of all, secure.

‍
Please visit us at www.trycompa.com/security to learn more about security at Compa.