Rokt is SOC 2 Compliant – What This Means for You

By Guido Santo

Rokt has received its first SOC 2 Type 1 report! The report confirms and details the security and privacy safeguards we’ve implemented for our clients in compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC (Trust Services Criteria).

We are extremely proud of this achievement and committed to always holding ourselves to the highest standards when it comes to data security and privacy, as well as legal and regulatory compliance.

It’s one thing to be SOC 2 compliant, but what does it mean? Read on to learn how this compliance benefits our clients.

Understanding SOC 2 Type 1 Compliance

Rokt’s SOC 2 Type 1 audit report attests, for a given point in time, that all our product- and service-related systems and processes meet industry-standard security and privacy protocols. Control areas in scope include common security criteria, system availability, data confidentiality, and privacy requirements for handling personal information.

To hold this compliance, companies must be audited by an independent certified public accountant who works with the company on an assessment and determines whether the company meets the appropriate standards established by the American Institute of Certified Public Accountants (AICPA).

Why is SOC 2 Compliance important to Rokt?

Data is at the core of everything we do at Rokt, and we take information security and privacy extremely seriously. We hold ourselves to the highest standards when it comes to data protection and work hard to ensure our systems and technology meet industry standards.

SOC 2 compliance is completely voluntary, but Rokt felt it was essential to achieve this compliance to prove our commitment to data protection for both our clients and their customers.

What does this mean for Rokt’s clients and their customers?

Our clients entrust us with personal data from their customers, and they rightfully demand independent assurances about our security and privacy posture. We are already ISO 27001 certified, and SOC 2 covers similar controls; however, it results in a more granular audit report, which client security teams find more useful.

Being SOC 2 compliant shows that Rokt has the governance, infrastructure, and systems in place to protect client information from unauthorized access both from within and outside the company.

What’s next?

Rokt received a Type 1 report, which was a point-in-time audit. Each control was assessed based on a random sample at that time. With the completion of Type 1, the audit period for a Type 2 report kicks off. At the end of that period, the auditing firm will sample across the entire audit period to verify each control’s effectiveness.

Rokt will continue prioritizing data protection and pursue the SOC 2 Type 2 report to ensure we meet industry standards and market expectations.

The protection of client customer data is paramount to what we do at Rokt. We’re committed to maintaining our SOC 2 compliance in future years and will continuously strengthen our platform in preparation for a constantly evolving cyber threat landscape.

Do you have any questions about how SOC 2 compliance works or how we adhere to it? Are you interested in learning how our secure platform can help generate revenue for your ecommerce business? We’re ready to help. To learn more, request a demo or contact us today!