New Security Standards & Data Privacy Regulations Met: SOC 2 + GDPR

StoryFile has successfully completed our inaugural System and Organization Controls (SOC) 2 audit!

Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the following trust services criteria categories: security, availability, processing integrity, confidentiality and privacy.

Both of our SOC reports (2 Type I and Type 2 ) had no noted exceptions and therefore were issued with a “clean” audit opinion from our auditors at Sensiba San Filippo (thank you, SSF!).

We proudly display our AICPA SOC 2 badge on storyfile.com. Feel free to check it out!

The General Data Protection Regulation (GDPR), which originally went into effect in 2018, is a legal privacy framework. It requires all organizations that do business (or have employees) in the European Union (EU) to protect the personal data and privacy of EU citizens.

StoryFile, in partnership with Vanta, now has a gap analysis available for clients to review that maps our compliance controls to the GDPR framework. Vanta’s gap analysis does the following:

• provide an illustrative set of controls appropriate to demonstrate your GDPR framework
• identify control gaps
• give advice on ways to satisfy the unimplemented controls.

With GDPR compliance achieved, we hope our clients can rest a little easier knowing that their data is well protected.

Looking Ahead

Our team is already assessing which security standards to tackle next. Keep an eye out for updates from us in the future on US state-specific compliance (e.g., California Consumer Privacy Act (CCPA)) as well as additional frameworks like ISO 28001.

Have a specific security or data privacy inquiry? Feel free to reach me at security@storyfile.com. Our Support Specialists are also happy to guide you via email at support@storyfile.com and phone at +1 833-STORYFILE.

Happy (secure) storyfiling!