Security compliance and certifications
BigAnimal adheres to the following security standards and certifications:
SOC 2
Service Organization Controls (SOC) 2 is an auditing procedure that ensures service providers securely manage their customer data. Service providers can securely manage their customer data by protecting the interests of the customer’s organization and the privacy of its clients. SOC 2 defines criteria for managing customer data based on up to five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 reports are unique to each organization. In line with specific business practices, each designs its own controls to comply with one or more of the trust service principles. BigAnimal is assessed on security, availability, and confidentiality trust service principles.
A SOC 2 report arrives in two formats:
Type I
SOC 2 Type I classification describes a vendor’s systems and whether their design is suitable to meet relevant trust principles. Type I focuses on the policies and procedures in place at a specific moment in time.
Type II
An SOC 2 Type II report assesses the effectiveness of security processes controls over time by observing operations for a minimum of six months. Like Type I, a Type II report is also an internal controls report capturing how a company safeguards customer data and how well those controls are operating.
GDPR
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy, as well as in the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.
GDPR compliance implies both privacy and security mechanisms definition, enforcement, and control, including evidence collection. BigAnimal supports GDPR at service level, which means BigAnimal protects the personal data and privacy of EU citizens.