Piwik PRO meets the SOC 2 standard

Published September 29, 2022 · Updated May 11, 2023

We are proud to announce that, after a year of hard work, Piwik PRO Analytics Suite is now SOC 2 type II-certified.

External auditors have confirmed that Piwik PRO Analytics Suite services delivered from Microsoft Azure fulfill the commitments and system requirements based on the trust principle of security. 

Piwik PRO Analytics Suite’s framework of controls examined as part of the audit includes preventing unauthorized access to client data, ensuring service availability within a Service Level Agreement (SLA), and integrity of the data processing within the service, among others.

By meeting the criteria for security, Piwik PRO provides high standards for preventing data breaches, malicious attacks, unauthorized use of assets, and much more.

The process of acquiring the SOC 2 certification took:

  • 11 official SOC 2 workshops
  • 1 week of audit in our office
  • 3 internal audits
  • 107 pages of the report
  • 129 prepared controls

Getting the SOC 2 certification means we are now able to showcase our commitment to data protection through external recognition.

Why SOC 2 is important to us

Getting the SOC 2 certification is a huge milestone for Piwik PRO, as well as for our existing and potential clients. 

Operating in accordance with the best data security practices is our biggest priority. This is why Piwik PRO:

  • partners with select ISO 27001-certified Microsoft Azure, Orange Cloud and Elastx data centers, offering flexible hosting and data location options.
  • helps you meet the requirements of numerous data protection laws from around the world, such as GDPR, CCPA, TTDSG and more.
  • is suitable for industries handling sensitive customer data and allows compliance with HIPAA & EBA’s guidelines.

Piwik PRO has also been ISO 27001-certified since 2018.

What is SOC 2

SOC 2 is a compliance standard for service organizations, established by the American Institute of Certified Public Accountants (AICPA). It’s an international standard for collecting and exchanging information and comprises an assessment of procedures and control processes at an organization.

SOC 2 defines criteria for managing customer data based on five trust service principles:

  • Security 
  • Availability 
  • Processing integrity 
  • Confidentiality 
  • Privacy

In line with specific business practices, each organization designs its own controls to comply with one or more of the trust principles. Outside auditors assess the extent to which a vendor complies with the trust principle(s) based on the systems and processes in place.

That’s why SOC 2 reports that come out of an audit process are unique to each organization. 

These internal reports provide regulators, business partners, suppliers and clients with important information about how a service provider manages data.

There are two types of SOC 2 certification:

  • Type I describes the information security management system and assesses its relevance against standard checkpoints.
  • Type II details the operational effectiveness of the information security management system.

Being compliant with the SOC 2 standard shows a high level of information security and certifies that an organization handles sensitive data responsibly and uses appropriate safety protection measures.

Get in touch with us to learn more about how we fulfill data security requirements and why your data is safe with us – we’re happy to clarify anything you’re unsure about.

Author

Małgorzata Poddębniak

Senior Content Marketer

Content marketer and editor with experience in writing about various technical topics, creating research-based, comprehensive articles about the intricacies of web analytics and privacy.
