Yellowfin Achieves SOC 2 Type II Compliance
Yellowfin, a world-leading and innovative analytics vendor, today announced it has received its Service Organization Control for Service Organizations (SOC 2) Type II certification, as part of its mission to provide the highest standards of quality across international compliance, regulations and security for its global customers and their data. The report, issued August 12, confirms Yellowfin’s Business Intelligence suite’s release, development, and support are protected by sound company-wide operating and security controls, and provide assurance of meeting its service commitments and system requirements.
The independent audit was conducted by K Financial, a licensed Public Accounting firm and certified specialist in SOC reporting registered with the American Institute of Certified Public Accountants (AICPA). SOC 2 Type II reports are a standard developed by the AICPA to ensure protection of customer data, and establish a software organization’s reliability and credibility by testing for five trust principles – security, availability, integrity, confidentiality and privacy – each measured by a set of controls and testing standards from the AICPA Trust Services Criteria.
“Customers and partners need comfort that their information and analytics workloads are operating with a trusted software vendor. As software developers, we both must comply with external industry regulations/expectations and operate a secure and compliant company at all levels internally,” said Justin Hewitt, COO and co-founder of Yellowfin.
Type II is more meticulous than Type 1 and covers the day-to-day operations and details of established security controls and policies, to ensure companies rigorously apply and adhere to those standards without exceptions. Yellowfin’s SOC 2 assessment noted only two low exceptions, which is above normal for companies undertaking their first SOC 2 audit. To achieve this result, Yellowfin prepared for 12 months before the six-month review period with its auditors started, taking a different approach to compliance – one that did not wait for customer demand.
“We saw this standard as an opportunity to have a high trust external review of our company operations to gain the compliance and confidence check that we are on the right path,” said Hewitt. “In our preparation phase, we documented and tested many procedures and systems, removed subpar software and systems, and replaced them with better ones to ensure they would stand up to testing. By achieving this, we’ve demonstrated our ability to design and implement sound company-wide security controls, tight operating practices, and policies to independent auditors and our customers.”
The report is now available for customers and prospects as part of their evaluation of Yellowfin. By completing this process, Yellowfin re-affirms its commitment to providing assurance and transparency that its incident response, recovery plan and implemented controls are designed for and actively ensure the highest level of security and compliance based on international regulatory standards, so that customer data always remains private and confidential.