SOC Compliance

    Our Commitment to Security

    Cover your bases with a file sharing solution that’s SOC 2 Type II certified. With data breaches costing millions of dollars apiece, our platform protects your data as well as your bottom line.

    Reduce Your Cybersecurity Risk

    The American Institute of CPAs announced the System and Organization Controls (SOC) framework in 2011 to address the growing cybersecurity risks faced by organizations in a wide variety of industries. 

    The SOC framework enables organizations to better communicate how they detect, prevent, and respond to persistent cybersecurity threats. SOC divides organizations into three different reporting levels. 

    As a service provider, Sharetru is committed to security. The SOC 2 Type II certifications of our SaaS organization, as well as our underlying Cloud Services, provide proof of our commitment.

    The three reporting levels in the SOC framework

    Maintaining SOC 2 compliance is one of the ways that we ensure the safety of your data and the high availability of our service while minimizing the danger posed by cybersecurity threats. Independent SOC 2 audit reports are available to our existing clients as well as prospective clients with a signed NDA.

    SOC 1

    Applies to organizations that provide financial services to their clients, such as payment processors and accounting systems. Sharetru doesn’t provide such services and so SOC 1 is not applicable to us.

    SOC 2

    Establishes controls for organizations that store and transmit customer-owned data, following Trust Services Criteria (TSCs) regarding security, confidentiality, availability, processing integrity, and privacy. Sharetru falls into this category, which is why we have SOC 2 certification.

    SOC 3

    Provides the same information as SOC 2 compliance, but is high-level and intended for public release. Sharetru doesn't have a SOC 3 report, but we can provide one at the datacenter layer with a signed NDA.

    Adopt a Secure File Sharing Solution

    The importance of SOC 2 Type II compliance is immeasurable. Besides helping to inform your vendor selection and minimizing your risk of third-party breaches, it also demonstrates to your customers, partners, suppliers, and investors how committed to data security our organization really is.

    If you're looking for a secure file sharing solution, it’s critical that you choose one that is SOC 2 Type II certified to protect your data from unauthorized individuals. This is particularly important if you're relying on the cloud to store or transfer any confidential information, even if you’re just sharing a few files.

    With our platform’s Advanced Security and Compliance Enablement Add-on, you can be confident in your SOC compliance as we are SOC 2 Type II certified at each level: IaaS, PaaS, and SaaS.

    What makes the SOC Types different? 

    Both our Standard and Advanced Compliance cloud-based platforms are certified SOC 2 Type II at the cloud infrastructure and platform layers, making it easy to share large volumes of confidential data quickly and confidently on either platform.

    • Type I

      The first stage of SOC compliance entails an audit of the organization’s controls at a single point in time and getting the necessary controls in place within an organization to meet the standards of the framework.

    • Type II

      Service providers who protect their customers’ data will achieve SOC 2 Type II certification by proving that they follow the SOC controls over a period of time by passing a more thorough auditing process.

    Built on a Foundation of Compliance

    We follow critical industry compliance standards to ensure your data is protected. SOC 2 standards are based on the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

    Security: Protect Data and Systems

    Our platform keeps data and systems protected from unauthorized access and disclosure of information, as well as damage to systems that could potentially jeopardize our ability to meet our cybersecurity objectives.

    Availability: Ensure Accessibility

    We ensure that all of our systems and data are readily available for operation and use to meet our objectives by deploying lightning-quick disaster recovery methods and a robust incident response when necessary.

    Processing Integrity: Support Smooth Operations

    Processing integrity refers to a system’s unimpaired performance. The standards we hold ourselves accountable for meeting help us keep our data processing activities timely, accurate, valid, authorized, and complete.

    Confidentiality: Maintain Strict Secrecy

    We closely guard all confidential data to provide a secure file sharing experience. With a suite of advanced security features like role-based access control, firewalls, and more, our platform keeps information classified.

    Privacy: Safeguard Personal Information

    This criterion concerns personal information and its collection, use, retention, disclosure, and disposal. Our privacy policy ensures all personal data is secure and that our clients can access and change their data should the need arise. 

    What’s Involved in a SOC Audit?

    A SOC 2 Type II audit is a thorough, lengthy process that’s divided into three parts: document review, personnel interviews, and onsite inspections. By passing the audit, Sharetru has proven that we go the distance to protect our customers.

    Document Review

    A team of auditors thoroughly reviews our system documentation, examining policies, procedures, and all aspects of our service delivery model.

    Personnel Interviews

    The auditors conduct interviews with key personnel in our organization to verify that we’re properly following the necessary processes and procedures.

    Organizational Inspections

    The audit team requests information regarding our datacenter partner's physical facilities and hardware as well as information from Sharetru regarding our software, policies, logging, and network configuration.

    Ready to Share With Confidence?

    You don’t have to take our word for it. We’ve been leading the charge in secure online file sharing since the very beginning, and we’d love to show you how we do it. Schedule your demo today.