We are proud and happy to announce that we have received a SOC 2 Type 2 attestation report on September 27, 2022. Previously we had received SOC 2 Type 1 attestation report on April 19, 2022 and ISO 27001 certification on April 16, 2022. The assessment by an external party and their report provides evidence of our dedication to provide our customers with a secure high-quality service.
Good services are trustworthy, secure and reliable. Which is why ReBid takes the protection of our customers’ data very seriously. Our service has the highest standard of security along with robust processes you can count on.
WHAT IS SOC 2 COMPLIANCE?
SOC, or System and Organization Controls, is the brainchild of the American Institute of Certified Public Accountants (AICPA). SOC 1 looks exclusively at financial controls, while SOC 2 is a broader standard that applies to most organizations that store client data. More specifically, SOC 2 is an auditing standard used to assess data security as it relates to cloud-based storage of customer information.
The goal is to ensure that the organization and its cloud-based systems are designed in a way that guarantees security, availability, processing integrity, confidentiality, and privacy of customer data.
What is ISO 27001 Compliance?
ISO 27001 is the only auditable international standard that sets the standards for an information security management system (ISMS). An ISMS is a combination of policies, procedures, processes and systems for controlling information risks, such as cyber attacks, hacking, data leaks and theft. A company’s ISO 27001 accreditation verifies that it has defined and implemented best-practice information security processes.
SOC 2 and ISO 27001 creates a high standard for customer data protection by:
- Requiring companies to establish and follow data security policies and procedures for their cloud-based data systems;
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Performing assessments to ensure companies are complying with data security policies and procedures;
- Adopting an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
- Continuously updating compliance and security standards to reflect the current challenges of cloud data security threats.
To become SOC 2 compliant, a company has to be audited by an independent Certified Public Accountant (CPA). Sensiba San Filippo (SSF), an American CPA firm, has audited ReBid.
For ISO 27001, ReBid has received certification from BQSR, a globally recognized ISO Certification body. BQSR is accredited by International Accreditation Service (IAS) USA, a member of IAF.
WHAT IS THE VALUE OF SOC 2 COMPLIANCE AND ISO 27001 CERTIFICATE FOR A SAAS-COMPANY?
The most common concern among our customers has been focused on the security and privacy of their data. As a SaaS-company, we have a great responsibility when handling our customer’s data; therefore, we want to follow industry best practices regarding how we work with security.
This is precisely what SOC 2 & ISO 27001 does – it provides organizations the chance to incorporate best practice procedures into their way of working in every part of the organization, which provides great value both to the organization itself and its customers.
For us at ReBid, SOC 2 & ISO 27001has improved our procedures throughout all parts of the organization, from recruiting to business continuity planning to change management when deploying code. We are confident that SOC 2 compliance has made us more robust and reliable both now and for the future
SECURITY AND COMPLIANCE GOING FORWARD
Thanks to data privacy regulations such as GDPR, ReBid has already had vast experience in updating our internal Security and Compliance Program and making it robust. SOC 2 & ISO 27001 have been a great complement to our existing program by taking a holistic approach to security.
IT security and compliance are continuously evolving, with new threats and challenges on a daily, sometimes hourly, basis. Certification reaffirms our commitment to providing customers with the highest levels of safeguards. We conduct audits on an annual basis, and always give priority to providing our customers with a secure and dependable service. If you have any questions or want to receive a copy of the SOC 2 report, please send an email to legal@rdandx.com.
