Some of the most innovative companies in the world—across industries like e-commerce, finance, and technology—trust Assembled to help them deliver exceptional customer support at scale. For companies like Stripe, Harry's, and GoFundMe, security and compliance is more than just a box-ticking exercise—it's an extension of their end users' trust. Moreover, Assembled has "grown up" in a world with data protection and privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
As a result, we've prioritized building with best practices from day one, from securing our platform to implementing mature internal processes. Today, we're pleased to announce our SOC 2® Type II certification along with a number of other security features.
For the period June 1, 2020 to November 30, 2020, The Cadence Group, an industry-leading advisory and compliance specialist, reviewed our practices and controls. After a thorough examination, we've received a SOC 2 Type II report indicating our compliance with the "Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy" as laid out by the American Institute of Certified Public Accountants (AICPA).
In short, the SOC 2 report is the end result of a detailed AICPA assessment of the security, availability and integrity of the systems that an organization uses to process user data as well as the privacy and confidentiality of that information. It considers how privacy and security issues—from user-facing interfaces like two-factor authentication and access control to back-end processes like encryption, incident handling and performance monitoring—impact Assembled and provides crucial auditing of our existing systems.
As part of this process, we've engaged or expanded our presence with a number of best-in-class providers to harden our security and compliance program:
In addition to changes made within the scope of SOC 2 compliance, we've also made a number of major improvements to the security and stability of our platform. Many of these are invisible but help keep our systems and your user data safe, including upgrades to our backup infrastructure and a rollout of cross-site request forgery (CSRF) tokens, which prevent a class of exploits that abuse certain functions of web browsers.
Some of these are user-facing, such as support for Single Sign-On (SSO) via Google, which is accessible from our Login page.
You can view the results of all our work at our status page, which displays live and historical uptime, at https://status.assembled.com/.
No single certification or examination represents the end of our commitment to privacy and safety. Aside from continuing to maintain our existing certifications, we’re also constantly making changes to improve our security and compliance posture. You can follow along with our dedicated, evergreen Security page.