Data Privacy - SOC2 Type 1 Announcement
Pratyush Havelia

Cofounder & CTO
Bangalore, India


Parspec announces its SOC 2 Type 1 attestation report

Security is our top priority. We understand that in order for us to fully usher the AEC supply chain into a digital age, we must first ensure Parspec’s systems, team members, and operating model follow strict security guidelines. From sales to engineering, our team members understand the impact they have when it comes to protecting customer privacy and data. We test our systems frequently and ensure we have every control in place to maintain sound protection of our customers’ data. Though we hold ourselves accountable to maintain our robust security posture, we decided to take it a step further and pursue our SOC 2 attestation to prove to our customers that their data is objectively secure.

On November 17th, we took a fundamental step towards that ultimate goal when we received our Type 1 report from Prescient Assurance, assisted by Vanta. Though this is a point-in-time audit, we are proud of the controls we have set up and the procedures we follow to ensure all customer data is protected and secured. In the event of a failure of those controls, we have SLAs in place to reconcile that failure.

Want to see a live shot of our compliance controls? Head over to our Trust Report to gauge how Parspec manages customer data, security policies, and controls. If you have any questions, you can always reach out to our team at hello@parspec.io.

What is SOC 2 & how does it prove controls and policies are adhered to?

SOC 2, developed by the American Institute of CPAs (AICPA), defines criteria for managing customer data based on five different “trust service principles”. These principles are security, availability, processing integrity, confidentiality, and privacy.

There are two types of SOC 2 reports:

  1. SOC 2 Type 1 Report – a point-in-time description of a company’s systems and whether their design is suitable to meet relevant trust principles.
  2. SOC 2 Type 2 Report – details the operational effectiveness of those systems over a period of time.

Before SOC 2, there was no formal or standard set of compliance standards that companies were forced to follow. There were guidelines and best practices, of course, but never an objective audit and review of an institution’s systems and controls that actually proved they follow the procedures they claim to have in place. Think back to a time before the SEC audited firms for GAAP compliance. Sure, some companies followed standard financial reporting principles, but there was no governing body enforcing those principles or proving they existed.

The SOC 2 framework provides GAAP-level accountability for customers’ data. SOC 2 reports are unique to each organization and follow their own specific business practices, each designed with its own controls to comply with one or more of the trust principles above. If you review Parspec’s report, pay close attention to the controls and policies we have in place. Not every SOC 2 report is equal.

SOC 2 reports are objective and conducted by a third-party CPA. After establishing our controls, policies, and SLAs, auditors at Prescient Assurance dove into our system description and our controls. They provided their expertise and knowledge, allowing us to perfect our system even further. The full report can be requested through our Trust Report.

What’s next in our SOC 2 journey? Starting early next year (2023) we will embark on furthering our compliance standards by conducting a SOC 2 Type 2 audit to ensure all facets of our platform are secure.

Why we chose Vanta

We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence. Parspec is a startup focusing on developing a best-in-class product and building a best-in-class go-to-market team to help sell that product. All of our bandwidth is spent perfecting our offering for our customers and streamlining business operations. The thought of undertaking this effort without a baseline understanding of the SOC 2 framework would have been incredibly resource- and time-intensive. Vanta not only provided the level of expertise needed to set up proper controls and procedures, but also the tool for us to manage the massive amount of work needed to maintain those controls and prove their effectiveness.

Whether you are an established technology company or a pre-revenue startup, partnering with Vanta will quickly prove its ROI by the following:

  • Providing unbiased expertise on all things data security and SOC 2
  • Automating documentation, policy, and ultimately system description creation
  • Coordinating control development across teams and stakeholders
  • Monitoring compliance across those controls and team members

In short, you no longer need a specific team focused on security to prove and maintain your compliance. By partnering with Vanta we ensured we could still focus on revenue-critical activities while not forfeiting the development of our security posture.


Full press release below:

San Francisco, CA – Thursday, November 17, 2022 – Parspec, Inc. announced today that it has achieved SOC 2 Type I compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that Parspec, Inc. provides enterprise-level security for customers’ data secured in the Parspec, Inc. System.

Parspec, Inc. is a construction technology startup focusing on streamlining the construction supply chain. Parspec’s customers are construction material vendors, distributors, and manufacturer representatives in the United States and Canada.

Parspec, Inc. was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com. An unqualified opinion on a SOC 2 Type I audit report demonstrates to Parspec, Inc.’s current and future customers that they manage their data with the highest standard of security and compliance.
