Maintaining trust with high standards for security & data privacy
By Brianna Swartz (Head of Technical Program Management), StoryFile
We are committed to providing the highest levels of security to our clients and take the responsibility of protecting their stories and life experiences with the utmost regard.
Earlier this year we introduced you to StoryFile’s approach to security (read it again!), including how that approach is rooted in our company’s core value of Trust. Now we’re back to tell you about additional levels of security and data privacy we’ve achieved.
StoryFile has successfully completed our inaugural System and Organization Controls (SOC) 2 audit!
Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the following trust services criteria categories: security, availability, processing integrity, confidentiality and privacy.
Both of our SOC reports (SOC 2 Type I and Type II) had no noted exceptions and were therefore issued with a “clean” audit opinion from our auditors at Sensiba San Filippo (thank you, SSF!).
We proudly display our AICPA SOC 2 badge on storyfile.com. Feel free to check it out!
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), which originally went into effect in 2018, is a legal privacy framework. It requires all organizations that do business (or have employees) in the European Union (EU) to protect the personal data and privacy of EU citizens.
StoryFile, in partnership with Vanta, now has a gap analysis available for clients to review that maps our compliance controls to the GDPR framework. Vanta’s gap analysis does the following:
- provide an illustrative set of controls appropriate to demonstrate your GDPR framework
- identify control gaps
- give advice on ways to satisfy the unimplemented controls
With GDPR compliance achieved, we hope our clients can rest a little easier knowing that their data is well protected.
Our team is already assessing which security standards to tackle next. Keep an eye out for updates from us in the future on US state-specific compliance (e.g., California Consumer Privacy Act (CCPA)) as well as additional frameworks like ISO 28001.
Have a specific security or data privacy inquiry? Feel free to reach me at firstname.lastname@example.org. Our Support Specialists are also happy to guide you via email at email@example.com and phone at +1 833-STORYFILE.
Happy (secure) storyfiling!