Passing the SOC 2 Audit for 2021: Lytics helps make sense of your customer data and your legal data protection obligations

“No exceptions noted.”

That may not sound like big news worth celebrating, but when it comes from security auditors in the SOC 2-world, it’s the sweetest sound you can hear.

The findings were clear, over and over, almost two hundred times in regard to criteria that span everything Lytics does: “No exceptions noted.” That means, “Awesome job!” in auditor-speak.

What is SOC 2 and why is compliance important?

Affectionately known as “sock two,” the Service Organization Controls 2 – Type II (SOC 2) audit is a thorough and exhaustive annual review done by the American Institute of Certified Public Accountants of system controls relevant to the “Trust Services Categories,” which include Security, Availability, Confidentiality, and Privacy. (In Lytics’ case, the “Processing Integrity” category does not apply, because we don’t process payments.)

In more digestible terms, SOC 2 is where auditors look at Lytics’ legal policies and procedures, they examine evidence from across Human Resources, Engineering and Finance, and they examine Lytics’ technical systems and measures put in place to ensure Lytics meets the standards for customer data protection.

AICPA auditors ultimately measure our business against a litany of checkpoints to see if Lytics is doing what it should be doing. And Lytics for the third year in a row proved it deserves its passing marks for the year 2021. It’s a very big accomplishment, even if it does come in an understated package: “No exceptions noted.”

Lytics takes trust, privacy, and security seriously

Lytics is focused on protecting all the customer data entrusted to it and respecting privacy. As a service provider and data processor, we assist our customers in enhancing security and meeting privacy and data protection obligations, including not just SOC 2 audit compliance, but also helping facilitate your organization’s compliance with applicable laws like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA).

We provide security at our system and application layers by maintaining appropriate administrative, physical and logical data protection safeguards. We train our personnel on privacy requirements and best practices. And our cloud service provider, Google, secures its infrastructure and data centers, allowing Lytics customers to benefit from Google’s data infrastructure and security controls, which are second to none.

Furthermore, each Lytics customer maintains control over which Personal Identifiable Information sources and destinations to use with Lytics, as well as the types and content of the information shared between its sources and destinations.

Learn more from the Lytics Trust Center

Just as Lytics publishes online resources like Learn.Lytics.com to guide our customers on how to get the most out of our products, we also publish a similar guide for customers on why they can trust Lytics when it comes to consumer data protection: the Lytics Trust Center. It’s where you can find out about all our compliance framework—including security, privacy, GDPR compliance, SOC 2 certification and more.

Lytics is not only obsessed with offering customers our SaaS products, but we are also obsessed with offering our assurance of trust and security. We view privacy compliance as a shared responsibility, and one that requires the attention and dedicated efforts of Lytics and our customers, working together.

The 2021 SOC 2 audit is just another way Lytics has started 2022 with trust as our standard. Learn more about how Lytics can help you gain real-time insights from your data, while also meeting your legal obligations to your customers every step of the way.