Why Evident is Pursuing SOC 2 Type II Compliance

May 16, 2022

In early 2022, Evident began working to complete a System and Organization Controls (SOC 2) Type II audit. Evident was built from the ground up with security and privacy in mind and we have had extensive security and privacy policies in place. SOC 2 Type II will provide additional external validation of compliance with these security and privacy policies.

Evident is partnering with Drata and using their automation platform to continuously monitor 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection validate Evident’s security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

In addition to continuously monitoring security policies and procedures, Evident is working with industry-leading security firms to regularly perform network and application layer security testing, and is utilizing a variety of data security and vulnerability checks throughout the software development lifecycle. Evident’s employees are also subject to our annual security training program to ensure best practices when handling customer data.

“With two data security and privacy patents already under our belt, Evident is no stranger to the importance of data protection and has undergone independent, individualized security policies and procedures audits for many of our customers,” said Evident Co-Founder and Chief Product Officer, Nathan Rowe. “The pursuit of an official SOC 2 Type II designation will take our commitment to ensuring privacy and data protection best practices for our customers and their third-party networks to the next level.”

Those interested in further details on Evident’s security controls and policies as well as the progress of SOC 2 Type II audit, please send an email to: compliance@evidentid.com.

Tags: , , , ,

News and Resources

Ready to reduce your third-party risk with automated Insurance Verification and Fulfillment?