Put Your Customers First and Let them Do the Talking. Get Your Guide on How to Build an Advocacy Growth Engine.
Today’s technology leaders must secure and protect customer, employee, and intellectual property data in an increasingly complex and risky environment. Companies must also comply with all applicable laws, including those related to data privacy and transmission of personal data, even when a service provider holds and processes a company’s data on its behalf. It's important to ensure your loyalty vendor adheres to specific security principles and data security criteria—including the completion of ISO 27001 and SOC 2 Type II security compliance.
Annex Cloud maintains a formal and comprehensive security program to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to our customers’ data. The specifics of Annex Cloud’s security program are detailed in our third-party security audits and international certifications. We’ve been ISO 27001 certified since 2019 and the Annex Cloud SOC 2 Type II report is an independent assessment of our control environment performed by a third party.
ISO/IEC 27001 is an international standard for how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, then revised in 2013. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) to help organizations make the information assets they hold more secure. ISO/IEC 27001 is designed to cover much more than just the IT department.
ISO/IEC 27001 requires that management:
Additionally, ISO 27001 was strengthened with Annex Cloud Controls, which include:
SOC evaluation is a multi-level evaluation across multiple principles. Compliance with SOC security standards means the vendor fully meets the established security criteria and is competent to prevent unauthorized access to data. The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements). The SOC 2 report addresses all Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy).
The SOC 2 Type 2 audit is based on criteria used to evaluate controls relevant to the security, processing integrity, availability, confidentiality, and privacy of any system. The SOC 2 Type 2 report includes audit details of the service organization controls outlined by the Trust Services Criteria (TSC) set by AICPA.
IT system software and application programs
All manual and automated procedures
Personnel using the system
Physical, IT, and related hardware
Files, tables, databases, transmission streams, and output processed by a system
Other areas specifically analyzed under a SOC 2 Type 2 audit include: