SOC 2 Compliance at Prodoscore

Prodoscore holds SOC 2 Type 1 and Type 2 certification, demonstrating a commitment to security, availability, processing integrity, confidentiality, and privacy. This article explains what SOC 2 means and how it protects your organization.

What is SOC 2?

SOC 2 (Service Organization Control) is an audit standard developed by the American Institute of Certified Public Accountants (AICPA). It evaluates whether a service provider (like Prodoscore) has implemented appropriate controls over the security, availability, processing integrity, confidentiality, and privacy of customer data.

Type 1 Certification: Assesses the design of controls at a specific point in time (a snapshot audit). It verifies that Prodoscore has designed appropriate security controls.

Type 2 Certification: Evaluates the operational effectiveness of those controls over a period of time (typically 6-12 months). It verifies that controls actually work in practice, not just in theory.

Prodoscore holds both Type 1 and Type 2 certification, meaning our controls are both well-designed and effective.

Five Trust Service Principles

SOC 2 audits verify compliance with five core principles:

1. Security (CC)

The system is protected against unauthorized access, use, disclosure, disruption, modification, or destruction. This includes:

  • Access controls (authentication, authorization, role-based access)
  • Encryption (in transit via TLS, at rest via AES-256)
  • Network security (firewalls, intrusion detection)
  • Vulnerability management and patch management
  • Monitoring and alerting for security incidents

2. Availability (A)

The system is available and operational when needed. Prodoscore commits to:

  • 99.9% uptime SLA (meaning at most 43 minutes of downtime per month)
  • Redundant infrastructure across multiple data centers
  • Automated failover and disaster recovery
  • Regular backup and restoration testing

3. Processing Integrity (PI)

Data is processed completely, accurately, in a timely manner, and only when authorized. This means:

  • Data completeness (all expected data is captured)
  • Data accuracy (data is recorded correctly)
  • Timeliness (data is available when needed)
  • Authorization (data processing is only done when authorized)

4. Confidentiality (C)

Information designated as confidential is protected from unauthorized disclosure. Prodoscore:

  • Encrypts sensitive data in storage and transit
  • Implements access controls limiting who can view data
  • Uses role-based access (admins see only their assigned teams)
  • Logs all data access for audit purposes

5. Privacy (P)

Personal information is collected, used, retained, and disclosed in accordance with privacy principles and regulations. Prodoscore:

  • Complies with GDPR (right to access, correct, delete data)
  • Provides data export and deletion mechanisms
  • Limits data collection to what is necessary
  • Maintains clear privacy policies
  • Does not share customer data with third parties without consent

Requesting Your SOC 2 Report

Your organization can request a copy of Prodoscore's SOC 2 report to review in detail. SOC 2 reports are typically restricted documents (they cannot be shared publicly), and vendors require a Non-Disclosure Agreement (NDA) before sharing them.

To request a SOC 2 report:

1. Email support@prodoscore.com requesting a SOC 2 report

2. Prodoscore will provide an NDA template for your organization to sign

3. After the NDA is executed, Prodoscore will share the SOC 2 Type 2 report and audit certificate

4. Your IT/security team can review the report to verify that Prodoscore's controls meet your organization's requirements

Annual Audit Cycle

Prodoscore undergoes annual SOC 2 audits conducted by a third-party auditor. New audit reports are issued each year, ensuring that our controls remain current and effective as our product and infrastructure evolve. You can view our current certification status and request the latest report from Prodoscore support.

Compliance Timeline

If your organization requires SOC 2 verification as part of vendor onboarding, request the report early in your evaluation process. Plan for:

  • 1-2 business days for Prodoscore to confirm your NDA and prepare the report package
  • 5-10 business days for your IT/security team to review and provide feedback
  • Allow time for legal/procurement to review any additional agreements

Enterprise Customers: Prodoscore support can coordinate with your procurement and security teams to expedite the verification process and address any security questionnaires.