Today, we’re pleased to announce that Poka is compliant with Service Organization Controls (SOC) 2 Type 1 from the AICPA, one of the most sought-after security attestations for SaaS providers.
By complying with SOC 2 Type 1, we are assuring our customers that Poka is following strict information security policies and procedures to protect their data.
Our SOC 2 report provides assurance that Poka’s information security program and control environment are compliant with the Trust Services Criteria developed and maintained by the AICPA. The report helps companies looking to use a cloud service like Poka to properly assess and address the associated risks.
The audit demonstrates what controls Poka has implemented, covering organisational and technical aspects. This includes access management, encryption, code changes and deployment, monitoring, vulnerability management, incident management, risk management, human resources management, vendor management, and more.
Poka’s SOC 2 Type 1 report is available under NDA to all our existing and potential customers. Please contact Poka's InfoSec team at infosec@poka.io to request a copy.
While we are proud of this important milestone, security is an ongoing effort. That’s why we are continuously improving our information security program and incorporating best practices across our organisation and SaaS offering. We are committed to completing our SOC 2 Type II report in 2019, which will further validate the effectiveness of our control environment over time.
In addition to being SOC 2 Type 1 compliant, Poka adheres to the guidelines set forth by the Cloud Security Alliance (CSA), the Consensus Assessments Initiative Questionnaire (CAIQ), the EU General Data Protection Regulation (GDPR), and the Canadian Controlled Goods Program.
We are equally happy to announce new options for managing user access to Poka. Customers have already been able to integrate the platform with their corporate credential directories via SAML for Single Sign-On (SSO). Now, customers will be able to automatically provision and deprovision Poka users from their central Identity Management system based on the System for Cross-domain Identity Management (SCIM) specification, an open standard used by identity providers and Single Sign-On (SSO) services to manage user accounts across SaaS providers, including Poka. This feature supports the provisioning of new users, updating user attributes, searching for users and de-provisioning existing users.
To learn more about security, privacy and compliance at Poka, visit https://www.poka.io/en/trust