Company News

FloQast Achieves SOC 2 Type 2 and ISO 27001 Certification

Just over seven months ago, we announced that FloQast had officially completed SOC 2 Type 1 certification, a big step for the company in our path to IPO and validation that FloQast meets the highest security, availability, and confidentiality standards established by the AICPA. 

Yeah, well, it turns out that there’s actually another layer to SOC certification — as well as certain international standards that need to be met — and that we want to talk about…

That’s right, today, we’re happy to share that FloQast has completed its SOC 2 Type 2, confirming that the controls established for SOC 2 Type 1 have worked consistently — without exception — for the last six months. 

However, that’s not all the exciting news breaking today. Recently, we obtained our ISO 27001 certification, an international security standard indicating an organization has the tools and systems in place to ensure the confidentiality, integrity, and availability of all corporate data. 

ISO 27001, which is published by the International Organization for Standardization (ISO) and International Electrotechnical Commission [IEC] [Both cool band names, IMO], is the only information security standard recognized at the international level. This certification will provide added momentum for FloQast’s global expansion as it continues to pick up steam across the pond. 

“These certifications are vital because they indicate to the market – and most importantly, to our customers – that we take security very seriously,” said Mike Whitmire, CPA*, CEO and co-founder of FloQast. “I’m particularly proud because not only did we meet the certification standards, but direct feedback from auditors showed that we exceeded them at levels rarely seen in the industry.”

Just as SOC 2 Type 2 gives customers confidence that FloQast’s security, availability, and confidentiality meet the highest standards, it might not have been possible without the FloQast product itself. To test the controls, companies need to conduct internal audits to ensure consistency. Relying on FloQast Ops, the team managed the wide variety of tasks associated with these certifications, centralized documentation, and improved visibility into statuses to increase communication and collaboration across teams.

In a year where many organizations struggled to ensure compliance because of widespread shifts to remote work, these certifications show FloQast’s commitment to customer data through effective security, availability, and confidentiality. 

John Siegel

John Siegel is a Corporate Communications Manager at FloQast. Prior to joining the company, he wrote about Los Angeles-based tech companies for Built In LA. You can follow him on Twitter @JVNSiegel.