Information security is a reason for concern for all organizations, including those that outsource key business operation to third-party vendors (e.g., SaaS, cloud-computing providers). Rightfully so, since mishandled data—especially by application and network security providers—can leave companies vulnerable to attacks, such as data theft, extortion and malware installation.

At Crisp we consider security very seriously, everything has been detailed over this article.

Please note that Crisp hasn't been over any SOC2 audit but we wish to show we are fully compliant with these specific needs.

What is SOC2?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.



SOC2 Certification

SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place but as mentioned, we didn't went through this process, this is an article that shows that we are compliant with SOC2.

1. Security

The security principle refers to protection of system resources against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information.

IT security tools such as network and web application firewalls (WAFs), two factor authentication and intrusion detection are useful in preventing security breaches that can lead to unauthorized access of systems and data.

At Crisp, we offer Two Factor Authentication and user identity verification and many other features that will make your secure.

2. Availability

The availability principle refers to the accessibility of the system, products or services as stipulated by our terms of use. We don't provide any SLA's or any contract but we are proud to say that we run an availability that is higher than 99,9945% over 2019.

You can check our availability over our status page. Note that this is a feature we provide to our users when subscribing to our Unlimited Plan.

3. Processing integrity

Our data is stored following the GDPR and follows every requirements. To have more information about our GDPR policy, check it out here.

4. Confidentiality

Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations. All of your encryption strategy is detailed over this article. Feel free to have a chat with us if you wish to go more in depth.

5. Privacy

The privacy principle addresses the system’s collection, use, retention, disclosure and disposal of personal information in conformity with an organization’s privacy notice. At Crisp, we follow close rules regarding privacy.

Everything has been done to keep the maximum of privacy for our users.
Was this article helpful?
Cancel
Thank you!