After weeks of documentation, research, and reporting, we are proud to announce that WellSaid Labs is now SOC 2 Type 1 compliant. This means we provide an added level of security documentation for our customers. Let’s look at what this means for creators.
What is SOC 2?
Maybe you’ve heard the term “SOC” but weren’t quite sure what it means. SOC stands for Systems and Organizations Controls (there is a SOC 1, 2, and 3 report). It was formulated by the American Institute of CPAs (AICPA) as a way to document the security practices of a service provider.
SOC 2 Type 1 provides a documentation of the policies in place, while Type 2 observes the efficacy of the policies over a six month time period. WellSaid Labs is pursuing a Type 2 certification over the next two quarters.
The process helps a company like WellSaid quickly demonstrate to our customers that there are plans in place for a variety of scenarios. The five areas covered are “security, availability, processing integrity, confidentiality, and privacy.”
How the AICPA describes SOC 2:
“These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted.”
Why pursue SOC 2 compliance?
WellSaid takes the customer relationship seriously. This extends from a trustworthy procurement and onboarding process, all the way to the production of AI voiceover. By going through the strenuous SOC 2 certification process, we improve our own documentation while making it readily accessible to the public.
This complies with our company value of transparency. We strive to interact with all of our stakeholders in an ethical way, and with integrity. Completing this certification is an important part of that responsibility.
Have more questions? Email our team at email@example.com