.svg)
At Sapien, the security of our team members’ & clients’ data is a fundamental priority woven into the very fabric of our operations. As a testament to this commitment, we initiated our SOC 2 Certification observation period within the first year of our establishment. While we have not yet completed the certification, the steps we’ve taken toward it have already begun to enhance our security posture, solidifying our dedication to safeguarding the information entrusted to us.
Beginning the SOC 2 Observation Period: A Key Step Forward
SOC, which stands for System and Organization Controls, is a framework for best practices for a particular operation, with a report to attest to its compliance. A SOC 2 report details an organization’s information security posture and the controls it has in place to protect its customer data.
The SOC 2 framework guided us through the establishment and refinement of technical and operational controls across our operations and infrastructure to further strengthen the security of our customer data. Sapien has chosen to obtain a SOC2 Type II report, which will require us to undergo an assessment of these controls over a period of time (observation period) to ensure their effectiveness. The beginning of our SOC 2 observation period is a significant milestone in our security progress.
For all of us at Sapien, SOC 2 compliance is more than just a goal—it’s a process that aligns with our fundamental values of security and continuous improvement.
Security as a Core Principle
From day one, we have prioritized the integration of security into every aspect of our operations. The decision to begin our SOC 2 compliance process underscores this commitment, as it drives us to continuously assess and enhance our security practices. To be able to begin our SOC2 observation period, we have introduced a variety of controls designed to protect our client’s data and ensure the integrity of our systems.
To protect client data stored within our systems and transmitted across networks, we have implemented secure encryption techniques and access controls based on the need-to-know and least privilege principles.
To stay ahead of any potential threats, we rely on an Intrusion Detection System, continuous monitoring tools, and a comprehensive vulnerability management process.
In our commitment to proactive security management, we have established a comprehensive risk management program that helps us identify, assess, and mitigate potential risks before they can impact our operations or clients.
Fostering a Culture of Security
Security at Sapien is a shared responsibility; it is a set of practices and a core value embedded in our organizational culture.
To foster a culture of security, we require all Sapien team members to undergo comprehensive security training as part of their onboarding process, with mandatory periodic refresher courses to ensure that everyone in our organization understands their role in protecting client data.
Recognizing that our security is strong as our weakest link, we have instituted a stringent vendor management program. This program involves vetting our third-party vendors to ensure they meet our high standards for security and privacy.
This holistic approach to security, encompassing both our internal operations and our external partnerships, is central to our ongoing efforts to maintain our SOC 2 compliance.
Looking Ahead
As we continue through our SOC2 observation period, we remain dedicated to strengthening our security practices in alignment with industry standards. While we are still in the early stages of our journey, the steps we have taken so far have laid solid foundations for ongoing improvement.
Security has been at the heart of Sapien from the very beginning, and as we progress through the SOC2 audit process, we will continue to build on this foundation. Our ultimate goal is to provide our clients with the complete assurance that their data is safe with us - not just today, but as we grow and evolve in the future for years to come.