SOC Compliance

Compliance At StackState

On this page, you will find information about:

  • System and Organization Controls 2 (SOC 2) and SOC 3

    • How to request the SOC reports

  • Links to StackState's other disclosure policies (Privacy Policy, Cookies Policy and Responsible Disclosure)

System and Organization Controls (SOC 2/SOC 3)

StackState is both System and Organization Controls (SOC) 2 Type 2 and SOC 3 compliant. SOC 2 compliance is achieved by a company undergoing a rigorous, independent third-party audit examining its processes for achieving key compliance controls and objectives. The SOC 3 report is a summary of the SOC 2 audit findings.

SOC 2 and SOC 3 reports are both attestation examinations. The main difference is the SOC 2 report is a restricted use report and the SOC 3 report is a public-facing report.

You can download our SOC 3 report directly from this page. However, the SOC 2 report is only available under NDA (submit a request for the report, below).

SOC 2 Overview

SOC 2 compliance demonstrates that an organization has key controls and objectives in place to safeguard information and attests to the effectiveness of those controls. SOC 2 reports are a globally recognized standard that are based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of the report is to assess an organization’s information systems relevant to five trust criteria: security, availability, processing integrity, confidentiality and privacy of information and systems. The SOC 2 attestation is renewed annually.

The SOC 2 report is a highly detailed report containing confidential information about the security controls StackState has in place. StackState will supply customers and prospects with its SOC 2 report only once a fully executed StackState NDA is in place. The SOC 3 report is a public-facing report and is available directly from the StackState website.

The SOC 2 report concludes with the audit firm's opinion, which describes the organization’s systems and assesses the fairness of the organization's description of controls. The audit firm’s opinion also evaluates whether the organization's controls are designed appropriately, were in operation on a specified date and were operating effectively over a specified time period. The SOC 2 attestation is renewed annually. 

Upon request, StackState will supply customers and prospects with a summary copy of StackState’s annual audit report, which will be deemed confidential information and only provided once a fully-executed StackState NDA is in place.

Other StackState Disclosure Policies: Privacy, Cookies and Responsible Disclosure 

In addition to SOC 2/SOC 3, we have three other protocols related to security, compliance and privacy: 

  1. Privacy Policy - Our privacy policy explains what we do with the information we collect about people visiting our website(s).   

  2. Cookies Policy - Our Cookies Policy describes our information collection and use practices.   

  3. Responsible Disclosure - Our Responsible Disclosure process is the process to follow for reporting vulnerabilities to us.

Request the StackState SOC 2 Report