Parspec Achieves SOC 2 Type 1 Compliance!

We are thrilled to announce that Parspec, Inc. has successfully renewed its SOC 2 Type 1 compliance as of June 26, 2024. This reaffirms our ongoing commitment to ensuring that our systems, operations, and processes consistently adhere to the highest security standards. Maintaining this level of compliance underscores our dedication to protecting customer data and upholding robust security controls, as we continue to drive the digital transformation of the AEC supply chain.

Our Commitment to Security

At Parspec, our entire team – from sales to engineering – understands the critical importance of data protection and privacy. We implement regular vulnerability scans on all production systems and perform comprehensive penetration testing to ensure security is integrated into every aspect of our platform. Additionally, we maintain strict compliance standards across our software supply chain, incorporating security assessments of new algorithms as a key component of our SDLC.

While maintaining our own internal controls is essential, we wanted to go a step further by undergoing an independent audit. By partnering with Prescient Assurance, a trusted third-party auditor, we received an unqualified opinion on our SOC 2 Type 1 report. This attestation provides objective proof to our customers that their data is secure and our security practices meet the AICPA’s Trust Services Criteria.

What is SOC 2?

SOC 2, developed by the American Institute of CPA’s (AICPA), defines criteria for managing customer data based on five different “trust service principles“. These principles are security, availability, processing, integrity, confidentiality, and privacy.

There are two types of SOC 2 reports:

1. SOC 2 Type 1 Report – a point-in-time description of a company’s systems and whether their design is suitable to meet relevant trust principles.
2. SOC 2 Type 2 Report – details the operational effectiveness of those systems over a period of time.

Before SOC 2, there was no formal or standard set of compliance standards that companies were forced to follow. There were guidelines and best practices, of course, but never an objective audit and review of an institution’s systems and controls that actually proved they follow the procedures they claim to have in place. Think back to a time before the SEC audited firms for GAAP compliance. Sure, some companies followed standard financial reporting principles, but there was no governing body enforcing those principles or proving they existed.

The SOC II framework provides GAAP-level accountability for customers’ data. SOC 2 reports are unique to each organization and follow their own specific business practices, each designed with its own controls to comply with one or more of the trust principles above. If you review Parspec’s report, pay close attention to the controls and policies we have in place. Not every SOC 2 report is equal.

SOC 2 reports are objective and conducted by a third-party CPA. After establishing our controls, policies, and SLAs, auditors at Prescient Assurance dove into our system description and our controls. They provided their expertise and knowledge, allowing us to perfect our system even further. The full report can be requested through our Trust Report.

What's Next:

Our security journey doesn’t stop here. At Parspec, we believe that SOC compliance is an ongoing process, not a one-time achievement. We will soon begin preparing for our SOC 2 Type 2 audit, which will assess how well our controls operate over an extended period.

In the meantime, you can get a real-time look at our compliance controls by visiting our Trust Report. If you have any questions, feel free to contact us at hello@parspec.io.

Full press release below:

Parspec, Inc. successfully completed the AICPA Service Organization Control (SOC) 2 Type I audit. The audit confirms that Parspec, Inc.’s information security practices, policies,
procedures, and operations meet the SOC 2 standards for security.

Parspec, Inc. was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc.

For more information about Prescient Assurance, you may reach out them at info@prescientassurance.com.

An unqualified opinion on a SOC 2 Type I audit report demonstrates to the Parspec, Inc.’s current and future customers that they manage their data with the highest standard of security and compliance.