AODocs’ SOC 2 Certification Journey with KirkpatrickPrice

by KirkpatrickPrice / June 24th, 2016

AODocs is an enterprise document management solution that has grown rapidly over the past few years; our solution now solves business challenges for over 500 enterprise Google Apps customers, ranging from small startups to Fortune 500 companies. Recently, AODocs received their SOC 2 certification with the help of KirkpatrickPrice, and we are proud to be the only enterprise document management solution on Google Drive with a SOC 2 certification.

We grew nearly tenfold in the last two years and we were grateful for the guidance of KirkpatrickPrice who taught us best practices during that time. Working with the KirkpatrickPrice auditors not only helped us validate the robustness of our architecture, but also gave us a framework to set up processes that our organization needed in order to mature.

Why did we pursue SOC 2 Certification?

Security has always been paramount to us, even before undergoing the SOC 2 certification audit. We knew that it would be beneficial for our customers to have an independent verification of our security practices, both for their peace of mind and their own compliance strategy.

The Service Organization Control 2 (SOC 2) is an auditing standard that not only verifies controls and processes, but also includes a written attestation by a CPA regarding the design and operating effectiveness of the controls being reviewed. KirkpatrickPrice audited our internal policies and processes, and validated our compliance with the SOC 2 Trust Services Principles.  The audit included a full assessment of AODocs software, people, procedures, and infrastructure (AODocs runs on Google Cloud Platform, which is also SOC 2 certified).

The resulting SOC 2 report is one of the gold standards of security for cloud technologies. In fact, organizations faced with compliance requirements around sensitive data can leverage AODocs’ SOC 2 certification as part of their compliance strategy. AODocs helps many organizations comply with regulations and standards such as ISO 9001, ISO 14001, OHSMS, OHSAS, and others. Now, with our SOC 2 certification, customers have one more reason to trust AODocs with their business critical documents.

Getting a SOC 2 certification was a lengthy process, but completely worth it. Of course using AODocs makes going through audits much easier, which also contributed to making this a positive experience for us.

Why Should Customers Care that SaaS Companies Have a SOC 2 Certification?

Companies moving their documents to the cloud often have legitimate concerns about the security of their sensitive information. Certifications like SOC 2 provide them with an independent assurance that the platform they are choosing offers the level of confidentiality they require for their business, as mentioned here. We, at AODocs, have found this to be true.