We have a secret. A really big one.
Want to know what it is?
Yeah, you and 14,000 of your closest Nigerian prince friends.
When it comes to privacy, security and confidentiality, the world is a very different place than it was 30 years ago. Back then, privacy / security policies were tantamount to pinky-swears on a playground. (“Your secrets are safe with us. We PROMISE…”)
Fast forward to today, and data privacy and security is a BIG deal. Just ask the Internal Revenue Service.
Recently, the IRS announced that in order to access the website and government services, people will be required to verify their identity by registering a video selfie with a third-party facial recognition company. Public backlash was swift and severe—so much so that on Feb 7, 2022, the IRS dropped this requirement.
Why the outrage? It’s simple. People no longer feel comfortable trusting something as important as their entire identities to a private contractor. The same holds true for any company or HR department concerned about protecting the security of their systems and processes – let alone those of the partners and vendors with whom they share sensitive, personal information.
That’s why Access Perks is pleased to announce it has completed SOC 2 certification. Because of this, it will be easier than ever to partner with employers across the nation – delivering deep, local savings as an employee benefit.
You may already know the significance of SOC 2 certification. After all, we’ve had a lot of clients ask for it by name. On the other hand, perhaps you haven’t come across the term yet, or only know a little.
Let’s back up and look at the importance of data security, especially when it comes to employee data.
HR: The First Safeguard Against Employee Data Breaches
From the moment they are hired, employees entrust their employers with an extraordinary amount of personal data. This information, if lost, could leave them vulnerable to identity theft, ruined finances and shattered confidence.
They do this because they trust you to safeguard this information and protect it from unauthorized access. Employers have their hands full guarding against malicious outside attacks, inside agents, careless workers and other common causes of a data breach. After all, no one wants to suffer the same fate as Coca-Cola, Snapchat and Chicago Public Schools have in the past few years. It’s no wonder, then, that most employers require the same level of care from the service vendors they partner with.
The best approach is to vet these relationships with meticulous care, checking and double-checking that the vendor has secure measures and procedures in place. Most often, this is a lengthy audit of their system. The process is much quicker if they can simply show you a SOC 2 report.
Why Should Employers Care About SOC 2?
For employers, SOC 2 compliance reports are a shortcut to gaining the confidence needed to share data. It means the vendor has done much of the due diligence beforehand. Businesses are aware of its value because:
- The report verifies that a neutral third party has given a vendor a clean bill of health.
- The audit standards cover security concerns far beyond what most businesses need.
For these reasons, SOC 2 standards are a powerful tool for businesses when engaging with third-party service organizations. The AICPA (American Institute of Certified Public Accountants) defines a service organization as an entity that provides a service to another entity, especially when that service requires the sharing of data. Many employee benefits providers fall into this category, including Access Perks. Many times, in order to deliver on the promised services, those providers will ask for employee information: employee names for verification purposes, email addresses for marketing the benefit, sometimes even financial information if they offer products for sale or paid upgrades.
When a benefit provider or service provider is SOC 2 certified, this can instill confidence and peace of mind when it comes time to share employee data.
In other words, SOC 2 audit reports make it that much easier and quicker for employers to start their people engaging with valuable employee benefits. Employees place great value on benefits that help them achieve financial stability, or that give them the flexibility to nail the ideal work-life balance, or that help them enjoy travel and purchases they couldn’t otherwise afford…
And statistics show high employee satisfaction and engagement lead to 21% higher productivity, 18% higher retention rates and 26% greater annual increase in revenue.
The last thing you want is for sloppy data management to ruin all the good that can come from a successful partnership.
What is SOC 2 Certification?
SOC stands for “System and Operational Controls,” and SOC certifications stand as testament to the quality and integrity of those controls.
Any service organization can gain certification that their system and processes meet a high standard. This certification is awarded by an independent CPA (Certified Public Accountant) after an extensive audit.
There are three types of SOC certification, each with a different focus. However, today we’re going to be talking about SOC 2 compliance, which measures how well a business regulates its information and data.
According to the AICPA, the SOC 2 report is “relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
With a focus on security, Access Perks proved that our information systems have the access controls necessary to prevent malicious attacks and unauthorized use, alteration or deletion of data. This is achieved through the implementation of firewalls, two-factor authentication, intrusion detection and more.
Access Perks’ Journey Toward SOC 2 Compliance
Access Perks has always been dedicated to information security. “Over the last decade, we’ve grown significantly regarding our security posture,” says Clint Peterson, CTO at Access. “We’ve taken advantage of sophisticated web services and invested in tools that further protect all the applications we run. This SOC 2 certification was the next logical step in our journey toward increased security maturity.”
As more businesses realize the power of discounts in inspiring employee engagement, Access Perks has grown as a business. This growth has allowed us to speak with businesses in new fields, like the financial industry, where systems are more sophisticated and a data breach would carry greater consequences.
“More and more of our contacts are asking for the SOC 2 report by name,” adds Ryan Marvel, VP of business development at Access Perks, “because it’s such a convenient measuring stick they can use to compare multiple employee benefits vendors at a single glance.”
Before our SOC 2 certification, Access Perks still had the ability to prove its operational integrity. It was just a lengthier process. Each business would send over a unique security questionnaire regarding the technical details of Access’ systems and processes. Those questionnaires could be anywhere from 30 to 150 questions long, and many needed to be repeated yearly.
“Now clients can just check the security box and we can move on to my favorite part of the conversation,” says Marvel. “The part where I show them how other employees are saving hundreds or even thousands of dollars on their purchases.”
Having the SOC 2 report does three things for Access Perks:
- It validates to ourselves that we are operating with integrity and doing right by our clients.
- It saves a lot of time that would otherwise be spent conducting individual audits one at a time.
- It provides a shorter route to client trust.
“It’s like, if I told you I made the most delicious beef wellington in the world, you’d probably want to taste it before you believed,” notes Marvel. “But if Gordon Ramsay put his seal of approval on it, you’d be more apt to take my word for it.”
Next Steps: SOC 2 Type 2 Certification
Currently, Access Perks holds a SOC 2 Type 1 certification. This means that at the time of the audit, the design of Access Perks’ systems and processes complied with SOC 2 trust principles. The rest of 2022 will be an observation period, after which the CPA auditor will assess the operational efficiency of these systems – leading ultimately to SOC 2 Type 2 compliance.
Whereas our current Type 1 report is like a snapshot of Access Perks at a point in time, the Type 2 report will further prove that we can consistently deliver on our promises of data privacy and security.
This will be an ongoing process, with yearly renewal to keep clients’ trust strong.
“Our hope is that this certification will prove we’re serious about integrity and security,” said Peterson. “That way we can help businesses get their employees saving money even faster.”