When I joined Ultimate as the new CTO in the fall of 2020, I was pretty excited about our upcoming SOC2 certification.
I am delighted to announce that we’ve finally reached this invaluable milestone of cybersecurity. And what an exciting — and, at times, exhausting — journey it has been.
Reaching a Milestone: SOC2, Type 2
Ultimate is officially a SOC2, type 2-compliant company. What this means, in a nutshell, is that Ultimate has been rigorously audited according to a catalogue of five criteria defined by the American Institute of Certified Public Accountants (AICPA), including:
- Privacy
- Security
- Availability
- Processing integrity
- Confidentiality
This means that:
- Prospects evaluating us for security can now save time and effort because they have proof, verified by one of the most renowned security trust management systems in the world, that our risk management, governance, and data handling processes are safe and trustworthy.
- Existing customers can rest assured that we will continue to stay on top of our security measures at all times, as a SOC2 audit evaluates not only a commitment to security, but looks at actual evidence thereof with yearly recurring audits.
“Security and trust are of utmost importance to us at Telia. We are constantly improving these factors with our vendors, and formal security standards are natural steps to take. We are delighted that our vendor Ultimate is now SOC2 compliant.”
- Peter Modig, Senior Manager, Telia
- We at Ultimate can work more efficiently on our end, as we don’t have to collect and provide security measures ad-hoc, instead ensuring that we maintain our SOC2 status through long-term policies and controls.
- Our customers’ customers are guaranteed high and consistent security standards for their data by proxy. In addition to Ultimate, any other subcontractors who may be involved in the automation process must meet high security and privacy criteria — whether they’re a CRM provider, API, or back-office software. For example, all of the major CRM providers we integrate with, including Zendesk, Salesforce, and Freshworks, are SOC2 compliant.
Getting here has absolutely been a collective effort, with my dedicated team members from People, Engineering, Development, and AI working tirelessly over the past months to draw up and implement security policies, provide watertight documentation to prove our compliance, manage controls, and prepare for a meticulous, months-long audit down to a T. And how could we not, with our customers’ privacy and security at stake?
Building on our commitment to GDPR compliance
On our way to SOC2 type 2 compliance, we have done everything in our power to optimize our risk management processes, advance internal governance structures, and keep our customer data secure and confidential. Most importantly, we are also GDPR compliant, meaning that we collect, store, and protect personal data in line with a comprehensive set of data protection regulations passed in the European Union in 2018.
Ultimately, the SOC2 certification is the natural result of our continuous efforts to solidify one of Ultimate’s core values: Trust. In an age where one big data scandal chases the next, wreaking havoc on our willingness to divulge personal information online, it is more important than ever to double down on the principle of safety first — even as hyper-personalization becomes increasingly indispensable in the customer service industry and beyond.
Don’t get me wrong — committing to the former does not mean having to sacrifice the latter. On the contrary: With baseline security and privacy measures like SOC2 and GDPR in place, we can make sure that hyper-personalization and automation can continue to work hand-in-hand to maximize customer experiences without ever having to worry about jeopardizing security or privacy.