I’ve always been proud of Metaimpact’s security program and the dedication of our team and organization to implement industry best practices and standards to protect our customers and their data. That’s why I’m excited to announce that Metaimpact recently received SOC 2 Type 2 certification. What’s more is that we had zero exceptions—meaning we met all requirements without exception.
At Metaimpact, we are building a network-based architecture where multiple parties can go to a co-owned space and collaborate and share information across organizational boundaries. That means metrics, assets, documents, videos, analytics, and desired outcomes are all shareable between multiple parties.
This not only requires solid security and privacy controls, but also means that Metaimpact has a higher bar to clear than many other SaaS companies.
From day one our team has addressed security and privacy in both the software we build and the processes our organization implements.
SOC 2 is a security controls framework that specifies requirements an organization must meet to be compliant. These controls cover a wide range of topics from organization-wide security policies to software development lifecycle (SDLC) practices to disaster recovery procedures.
In order for an organization to be SOC 2 “certified”, it must demonstrate to a third-party auditing firm that every control of the security framework is met satisfactorily. It can take months or even years for startups to be in a position to start and complete the SOC 2 audit process given the vast number of requirements to be compliant.
The two different types of SOC 2 attestation are simple to understand. Type 1 is a point-in-time audit. An organization works with the auditing firm to demonstrate that they have all of the required controls (policies, procedures, and practices) in place and that they are following them at that point in time.
Once an organization has received the Type 1 attestation, then an annual Type 2 audit is conducted. Type 2 is not point-in-time but rather an audit over an extended period of time, like three or six months. This demonstrates that an organization in fact follows all of the controls on an ongoing basis.
SOC 2 is the industry standard for SaaS companies operating in the United States. However, as part of an organization’s security program, it should be one of many certifications. ISO 27001 is a set of international standards very similar to SOC2 but generally covers European requirements. There is a significant overlap between these two frameworks.
HITRUST is another certification that is more aligned with the healthcare industry.
It isn’t a matter of choosing one framework over another, but about the order in which certifications are acquired by a company. MetaCX intends to add both ISO 27001 and HITRUST to our arsenal of certifications over the next 12 months.
SOC 2, ISO 27001, and HITRUST are compliance frameworks that result in certification, or attestation being the more appropriate term.
The General Data Privacy Regulations (GDPR) are the requirements that dictate how companies protect EU citizens’ personal data. It requires being able to provide an individual with all of the data a company has about them, communicating how personal data can be shared across organizations, and giving an individual insight into how their data is stored, processed, and handled.
In the United States, the California Senate passed the California Consumer Privacy Act (CCPA) which is very similar to the GDPR requirements. It is expected to be the foundation of broader consumer protection laws instituted by the federal government.
To summarize, privacy regulations are government regulations whereas SOC 2 is an industry governed standard. There is no government-sponsored certification for GDPR or CCPA. Companies are expected to abide by the regulations or face hefty fines for not doing so.
MetaCX has policies and procedures in place to address GDPR and CCPA requirements.
Learn how Metaimpact empowers organizations with the digital infrastructure needed to enable systems change.
Download the ebook to learn how your organization can go beyond reporting and put a sustainability program in place that drives real progress.
Download the one pager to learn how Metaimpact enables organizations to build digital impact networks to confront the world’s biggest problems.
Learn how Metaimpact empowers organizations with the digital infrastructure needed to enable systems change.
Last week, Metaimpact gathered with a variety of businesses, government organizations, and NGOs that aspire to drive progress in the state of Indiana. The purpose of the event? To discuss new opportunities that have emerged from the metaverse.
In order to use data more effectively, a different approach is needed—software that enables data storytelling.
As data storytelling becomes a more integral part of business strategy, new opportunities will surface, valuable internal conversations will occur, and departments will become more aligned.
Quantifying the impact of strategic initiatives is a critical aspect of success in today's digital age. It’s a task that is becoming increasingly complex, yet more vital than ever before.
Much of the world associates the metaverse with avatars and immersive VR experiences, which is key for consumers and some business applications, but this new computing paradigm offers a more foundational and transformative opportunity for the business world.
Last week, Metaimpact gathered with a variety of businesses, government organizations, and NGOs that aspire to drive progress in the state of Indiana. The purpose of the event? To discuss new opportunities that have emerged from the metaverse.
In order to use data more effectively, a different approach is needed—software that enables data storytelling.
As data storytelling becomes a more integral part of business strategy, new opportunities will surface, valuable internal conversations will occur, and departments will become more aligned.
Quantifying the impact of strategic initiatives is a critical aspect of success in today's digital age. It’s a task that is becoming increasingly complex, yet more vital than ever before.
Much of the world associates the metaverse with avatars and immersive VR experiences, which is key for consumers and some business applications, but this new computing paradigm offers a more foundational and transformative opportunity for the business world.
Request a demo to learn how Metaimpact provides the path into the metaverse.
