At Forethought, we are committed to keeping our customers’ data safe and secure. This April, we took another big step in demonstrating this commitment, by successfully completing our SOC 2 Type II certification.
An independent, third-party firm that provides cyber risk management and compliance services for enterprises conducted Forethought’s SOC 2 Type II certification. The audit evaluated Forethought’s processes and controls for the 12-month period from February 1, 2019 to January 31, 2020. The controls are aligned with ISO 27001 and NIST.
What is a SOC 2 Type II report?
SOC, which stands for Service Organization Controls, is a security compliance report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC).
SOC 2 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
A SOC 2 Type I, our previous certification given last February, provides a “snapshot in time” report, certifying that a company had appropriate controls in place at a specific point in time.
In contrast, a SOC 2 Type II report certifies that a company has demonstrated adherence to appropriate controls over an extended period of time. SOC 2 Type II reports are therefore more difficult to obtain, and require a sustained company-wide commitment to security, including everything from background checks to device security.
In Forethought’s case, we received a SOC 2 Type II report that proves demonstrated adherence over a 12-month period, from February 1, 2019 to January 31, 2020.
Why this matters
Maintaining a high level of security is integral to the success of our customers as well as to our own company and employees. As we continue to grow as a company, we are working to create key foundational needs like security to make sure we develop properly. In a large sense, we are setting our future selves and our current and future customers up for success by focusing on these aspects of the business now.
Forethought is committed to honoring the trust you place in our organization, and will continue to undergo regular third-party audits and rigorous examinations to ensure the safety and security of your data.
If you have any questions about our SOC 2 Type II certification, please reach out to us at security [at] forethought.ai.