January 19, 2018
UserZoom becomes the first usability company to meet SOC2 compliance
AICPA is the organization responsible for regulating SOC2 audits
In the world of UX insights, keeping users’ data private and secure is at the top of our priority list, which is why we are proud to announce that as of Q4 2017 UserZoom has successfully passed its audit and been certified with the “SOC2 Type 1” security rating by Coalfire. Coalfire is one of the leaders in cybersecurity, with customers such as 3M, Concur, Intel, LexisNexis, and GoDaddy, among others.
At the end of the day, being compliant with SOC2 certifies that our customers can trust us to safeguard their data. We’re also proud to announce that UserZoom is the first usability company to meet SOC2 compliance. By achieving this certification, UserZoom has taken a great step forward in leading the UX sector in terms of platform security.
SOC2 is a compliance framework that helps companies hosted in the cloud demonstrate that they comply with certain controls related to security and confidentiality, among others. In particular, it provides their customers with an objective and independent third-party review that measures how secure a potential service provider is.
SOC2 certification consists of 5 Trust Service Principles (TSP): Security, Availability, Processing Integrity, Confidentiality and Privacy. The certification process itself lasted 6 months; however, it is the culmination of the hard work performed during the last 7 years and proves how focused we’ve been on security at UserZoom, both in our platform and in the processes of the company.
Since the inception of the company, security has always been a top priority for UserZoom. The proof is that we have a Security Department led by one of our founding VPs and staffed by specialist IT Security Engineers, and that security is completely integrated into the development process within our Engineering Department.
The goal of our Security Department is to take care of how UserZoom manages information and security, and to keep our customers’ data secure while they use our services. Working side-by-side with the R&D Department allows UserZoom to build everything with security in mind from the outset.
Data handling: One of the greatest security concerns that customers always have is how we store their data. Two key factors are:
Hosting infrastructure: UserZoom hosts data on a private cloud at Rackspace, an industry leader in the IaaS sector, which guarantees service availability and gives UserZoom’s clients a reliable platform.
Penetration Testing and OWASP Top 10: Besides going through several internal and external security pentest audits, we undergo an annual third-party pentest with a well-known company such as NCC Group.
Vulnerability scans: We run a vulnerability scan of all our systems every 30 days to check for security issues. In the event an issue is detected, we have a remediation plan in place to correct it with high priority.
Risk assessment: The Security Team carries out and maintains a risk assessment every time a potential issue is identified. The trigger can be, for instance, the hiring of a new vendor or an internal procedure that has room for improvement.
Single Sign-on (SSO): UserZoom offers its customers the possibility to integrate the platform with the customer’s own login system. It is a value-added feature that provides easier and more secure credential management.
Security documentation: We provide all our customers with the UserZoom Security Whitepaper, which is an updated and comprehensive document that contains useful information related to our security procedures and policies.
Additional certifications: Prior to SOC2, UserZoom had already been awarded other certifications:
For us this is not where we stop – it is merely the most recent major milestone, one of many which we’ve pursued and accomplished to date. In the words of Jordi Ibáñez, UserZoom’s VP of Security, “This milestone enhances UserZoom’s leadership in the UX sector by including Security in its roadmap as a key factor, and clearly demonstrates our commitment to privacy and security.”