Now it is official - Torii is SOC 2 Type II compliant!

We are super excited to announce that we have successfully completed the System and Organization Controls (SOC) 2 Type II Audit examination for our Torii platform.

From day one, security and compliance have been top of mind for our product and development teams. Since Torii manages mission-critical SaaS applications and the data inside them, there was just no question about it. That being said, undergoing an independent third party audit and being officially certified confirms that the product and services Torii provides are mature, robust, and secure and that we are actively creating an organization that supports these goals 🚀.

It also means that our software development processes and practices meet required levels of oversight and monitoring, so that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective actions, if and when they are needed.

SOC 2 is a certification developed by the American Institute of Certified Public Accountants (AICPA) that provides a way to measure the operating effectiveness of a company’s controls as they relate to Security, Availability and Confidentiality. 

Preparing for SOC 2 is a company-wide effort. To succeed you need the full support of everyone on the team. It was with that support and dedication that we were able to enter our observation period this year and come out the other side with no exceptions noted.

Takeaways

SOC 2 is becoming the gold standard technology companies must meet today. It applies to nearly every SaaS company, as well as any company that uses the cloud to store its customers’ information. So, along with celebrating this accomplishment, we want to share some observations we made along the way.

We hope that it may help our customers, partners and anyone else looking to take on SOC 2.

Today is as good as any day

For a young, 20-employee company, embarking on the SOC 2 compliance journey may be daunting. It is a time-consuming process that involves almost every aspect of the way you develop your product and conduct your business, making sure that all your ongoing internal practices and procedures are compliant.

But instead of referring to it as a hurdle, we soon realized that, in fact, being a young, agile company was in our favor. Being able to craft things ‘as they should be’ at a very early stage is obviously easier than fixing long-lived ill processes; having all the folks on board, and committed to the success of the process, as is the case in young companies, makes the implementation of any necessary change a breeze. So instead of delaying the challenge, we viewed it as an integral part of our top-priority tasks for the year, and got it over and done with in no time.

Compliance is just the means, not the goal

Compliance is just one part of the business. It is not the end goal. Neither security nor compliance should run your business or set its goals. Designing good controls means understanding how the business works and then finding creative ways to add those controls into existing workflows. Forcing new work methods in the name of compliance is a dangerous game and, in most cases, not a promising path to follow. You are welcome to introduce some procedural changes, but it’s up to you to make sure you don’t slow down the people who are doing their jobs.

It is not a one-time process but a way of living

The idea here is that the SOC 2 audit isn’t a one-time test, run by going through a checklist. Make sure you truly internalize the policies and procedures you commit to, making them a real part of your corporate attitude. We like to think of it as a marathon rather than a sprint, and as any experienced marathon athlete knows, you are never really done, not even when you cross the finish line. In the back of your mind you’re already evaluating what you could have done differently and how you can improve at your next practice and on your future run.

Automation is the key

The whole idea behind audits and certifications like the SOC 2 is implementing clear procedures and controls. Managing the influx of the information your organization produces every day is a task of its own, where you can hire an army of people, build a troop of robots, or anything in between.

We chose the latter. For us, this was an easy decision as we preach automation and control to the Torii users. So, the same procedures and mindset that we used to plan and develop the Torii platform were applied to the SOC 2 audit planning process. These procedures and principles also form the foundation of the way we run our business and have proved incredibly valuable to the overall process. We built the automation with auditability in mind so that when we have to show what’s going on or prove that a certain procedure is practiced, we just issue the right report.

What's next?

This is just the beginning. Having proven that we have the right processes and procedures in place, we now have our sights set on additional certifications. We are going full steam ahead because we believe that compliance and security are important drivers for developing our practices to ensure the highest quality of product and services for our customers. Processes like the SOC 2 audit make Torii a much more robust and mature organization with functional, repeatable, and scalable controls.

We are incredibly proud of this accomplishment and we are even happier to be able to share it with everyone. If you are a Torii customer and would like a copy of our report, please contact your account manager.

Author: Uri Nativ
Co-founder, CPO
Uri Nativ has over 19 years of software engineering experience as both an engineer and a hands-on manager. He founded the Klarna Engineering center in Tel-Aviv, holding the position of VP Engineering & Site Manager. Uri has broad experience building B2B enterprise products from his days at VMWare, EMC, nLayers, and Sanctum.
