Piwik PRO meets the SOC 2 standard

Written by Małgorzata Poddębniak

Published September 29, 2022

We are proud to announce that, after a year of hard work, Piwik PRO Analytics Suite is now SOC 2 type II-certified.

External auditors have confirmed that Piwik PRO Analytics Suite services delivered from Microsoft Azure fulfill the commitments and system requirements based on the trust principle of security.

Piwik PRO Analytics Suite’s framework of controls examined as part of the audit includes preventing unauthorized access to client data, ensuring service availability within a Service Level Agreement (SLA), and integrity of the data processing within the service, among others.

Meeting the criteria for security by Piwik PRO translates into providing high standards for preventing data breaches, malicious attacks, unauthorized use of assets, and much more.

The process of acquiring the SOC 2 certification took:

  • 11 official SOC 2 workshops
  • 1 week of audit in our office
  • 3 internal audits
  • 107 pages of the report
  • 129 prepared controls

Getting the SOC 2 certification means we are now able to showcase our commitment to data protection through external recognition.

Why SOC 2 is important to us

Getting the SOC 2 certification is a huge milestone for Piwik PRO, as well as for our existing and potential clients.

Operating in accordance with the best data security practices is our biggest priority. This is why Piwik PRO:

  • partners with select ISO 27001-certified Microsoft Azure, Orange Cloud and Elastx data centers, offering flexible hosting and data location options.
  • helps you meet the requirements of numerous data protection laws from around the world, such as GDPR, CCPA, TTDSG/TDDDG and more.
  • is suitable for industries handling sensitive customer data and allows compliance with HIPAA & EBA’s guidelines.

What is SOC 2

SOC 2 is a compliance standard dedicated to service organizations established by the American Institute of Certified Public Accountants (AICPA). It’s an international standard for collecting and exchanging information and comprises an assessment of procedures and control processes at an organization.

SOC 2 defines criteria for managing customer data based on five trust service principles:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

In line with specific business practices, each organization designs its own controls to comply with one or more of the trust principles. Outside auditors assess the extent to which a vendor complies with the trust principle(s) based on the systems and processes in place.

That’s why SOC 2 reports that come out of an audit process are unique to each organization.

These internal reports provide regulators, business partners, suppliers and clients with important information about how a service provider manages data.

There are two types of SOC 2 certification:

  • Type I describes the information security management system and assesses its relevance against standard checkpoints.
  • Type II details the operational effectiveness of the information security management system.

Being compliant with the SOC 2 standard shows a high level of information security and certifies that an organization handles sensitive data responsibly and uses appropriate safety protection measures.

Get in touch with us to learn more about how we fulfill data security requirements and why your data is safe with us – we’re happy to clarify anything you’re unsure about:

Find out how Piwik PRO can help you maintain privacy and security when compromising them isn’t an option: