TUNE has completed another successful audit of its system and organization controls, assuring the availability, processing integrity, security, confidentiality, and privacy of customer data. This latest audit marks another year that TUNE has earned both SOC 2 Type 2 certification and SOC 1 Type 2 certification.
What Is a SOC 2 Audit?
SOC stands for System and Organization Controls, a suite of services provided as part of the reporting platform of the American Institute of CPAs (AICPA).
Essentially, a SOC 2 audit examines and evaluates the operational controls of a business. This audit requires a company to document and adhere to comprehensive information security policies and procedures, among other responsibilities. The resulting report gives interested parties, such as prospects and customers, additional information and insight to make a decision about working with that business.
What Is a SOC 1 Audit?
SOC 1 audits focus on user entities, testing their relevant internal controls over financial reporting system design and operating effectiveness. We view SOC 1 audits and other periodic third-party reviews as a valuable resource to help enhance our current product and operations, especially when they address both the TUNE platform and TUNE Pay, our payments system.
What Is a Type 2 Report?
To earn a Type 2 report, a company must undergo testing over an extended period of time. Type 1 reports, on the other hand, test only a single moment in time. TUNE’s usual audit period for SOC 2 and SOC 1 covers 12 months, demonstrating our ongoing effort to uphold the Trust Services Principles.
TUNE has always voluntarily pursued the more demanding and comprehensive Type 2 report rather than the Type 1 report. Type 2 reports for both audits signal that our customers can expect high standards across TUNE’s operational, data security, and privacy practices, as well as stringent change management controls throughout our software development life cycle.
Our Commitment to Our Customers
Using an independent third-party to audit these controls is an investment companies do not take lightly. A SOC audit is, by design, an intrusive, time-consuming process designed to test a company on a variety of levels, necessitating active employee engagement and diligence across a broad swath of the organization. It’s a difficult process with a valuable payoff for our customers, and therefore one we are proud to undertake.
As with our prior SOC audits, TUNE’s auditors determined that our controls were effectively designed and followed throughout the audit period. We intend to sustain our investments in customer-centric compliance in the years to come to protect both our business and the businesses of our customers.
Relevant portions of both reports are available upon request to [email protected] for TUNE customers as well as prospects under a current non-disclosure agreement.
Author
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she handled content strategy and marketing communications at several tech startups in the Bay Area. Becky received her bachelor's degree in English from Wake Forest University. After a decade in San Francisco and Seattle, she has returned home to Charleston, SC, where you can find her strolling through Hampton Park with her pup and enjoying the simple things in life.
