Hi everyone! We have some great news! Beamer has now been audited and certified from the most reputable accreditation for security standards in the world: SOC 2. In this short article we’ll tell you what SOC 2 is, what we did to achieve it, and why it matters.

Information and data security are at the center of our industry. Upholding security standards is more than just protecting your company from legal issues but it’s an ethical mandate in a world where privacy is one of the central concerns of users.

At Beamer we pride ourselves on having security as a mantra. We already do lots to keep your data safe and your interactions secure but we wanted to give you even more peace of mind with official certification. That’s why we embarked on a months-long process to get our security audited, tested and accredited by a reputable third party, to guarantee that our promises are more than just words.

All Beamer products are now SOC 2 Type II certified!

Contents:
  1. What is SOC 2 compliance?
  2. Beamer and SOC 2.
  3. Our pledge and what we learned.

What is SOC 2 compliance?

SOC 2 is a report that evaluates an organization’s compliance with information system security, confidentiality, and privacy. It’s based on the Trust Services Criteria (TSC) by the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA). 

In the broadest terms it means that we at Beamer have strengthened our internal processes to make sure that our users have a fully secure experience while using our products. This report is an attestation or audit of internal practices. To obtain it we had to follow strict protocols and guidelines.

To obtain a SOC 2 attestation, companies must demonstrate compliance with five criteria:

  1. Security: This means that we have back and front-end controls to protect our customers’ information and provide a secure experience. We also have shown proof of security standards regarding firewalls, authentication and intrusion detection.
  2. Availability: This means that our systems have shown to be available for operational activities, and in case of emergency or disaster we have plans in place for recovery.
  3. Confidentiality: This means that we have active strategies in place to protect the company information and secure data through encryption and access control. 
  4. Privacy: This guarantees that our gathering, handling and processing of user data is done in accordance to our privacy policies and terms of use, in a trustworthy manner and using the proper encryption practices.
  5. Processing Integrity: This means that our systems’ processing has proven to be valid and of the required quality, that our transaction processing is accurate and that all errors are handled and corrected in a timely manner. 

Beamer and SOC 2.

Sure, most of the requirements for SOC 2 compliance we already met before applying to the AICPA, but the process of passing the human and automated tests allowed us to focus on improving and fixing all areas that were audited. Things were good, so we made them great. 🚀

And that’s not all! There are two types of SOC 2 reports! Type I includes all the criteria we explained before, but Type II (the one we’ve got) is even harder to get and takes the audit further. We had to pass more stringent security requirements 🔍 and we had to demonstrate that all the requirements of Type I were efficiently sustained over a period of time.

So what we did?

  • All of our system operations were audited. Then…
  • We focused on the control and monitoring of our system activities.
  • We made sure to have policies and procedures in place for risk assessment, risk mitigation, emergency response, internal communication and information handling.
  • We extra secured our access controls, authentication, data processing, encryption and user data security.
  • We spent time taking tests, fine tuning, and making sure that all our team members were on the same page and had the proper training.
  • We even got some tricky security drills! 👀
  • Then we got audited again for almost a year.
  • 💯And we passed!

Our pledge and what we learned.

During this process of months we learned a lot about ourselves. We were proud to already have in place protocols and practices to make our app secure but we also learned to beware of getting too comfortable. Hubris is a security risk. Because online security is an ever-evolving field, there’s no place to be at where you don’t have to keep improving.

The audit helped us to rethink our security practices, to put it at the center of everything we do, as a vital part of not just our products but our company’s culture: from our systems to our daily routines as a team. We took care of our weak spots, we improved what we already considered great. Then, as communication is also a vital part of what Beamer does, we are ready to let you know that you can trust our company to keep your data safe and to always improve the steps we take to do so.

To learn more about SOC 2, please visit the AICPA website and if you want to know more about what we do to keep our products secure please read our Data Security page. Also don’t forget to take a look at our Privacy Policy and Terms of Use.

SOC 2 is not the only standard we follow to deliver a product that is at the forefront of the industry. Our users in the European Union, may also be interested to know that we are also GDPR compliant.

If you want the full details you can email us at 

AICPA SOC logo