Hydrogen has been certified as SOC 2 Type 1 and Type 2 compliant by industry-leading auditing firm Armanino! With this new milestone, Hydrogen becomes one of the earliest-stage companies in the entire SaaS industry to get this prestigious level of security compliance. We strongly believe in transparency. Thus, you can download the report on our website below:
This audit was a nearly year-long endeavor. The auditing firm looks at over 200 items when measuring SOC 2 compliance in the following categories:
- Control Environment
- Logical and Physical Access Controls
- Control Activities
- Communication and Information
- Risk Mitigation
- Risk Assessment
- Additional Criteria for Availability
- Additional Criteria for Confidentiality
- System Operations
- Change Management
SOC 2 Background
The System and Organization Controls (SOC) are standards created by the American Institute of CPAs (AICPA). There are three types of SOC reports, including SOC 1 (financial controls), SOC 2 (very detailed audit of a company’s security controls), and SOC 3 (very condensed version of the SOC 2 meant for public consumption).
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.
Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is restricted.
These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Hydrogen Compliance Standards
Hydrogen is now compliant with the following standards:
- SOC 2 Part 1 and Part 2
- PCI Level 2
- Reg B, Reg E, Reg Z, UDAAP, and FCRA
When you sign up for Hydrogen and use our Debit or Credit products, we roll up your card programs under these compliance standards, saving you over $250k per year in fees, and thousands of hours dealing with auditors!