As of today, PredictAP has completed the SOC 2® Type 1 attestation. SOC 2 is a rigorous compliance standard developed by the American Institute of CPAs (AICPA) that is designed to specify how organizations should manage customer data.
“We’ve taken data privacy seriously from day one, and built PredictAP to be safe and secure,” said PredictAP Founder David Stifter. “Working on our compliance program with SOC 2 specifically is just part of PredictAP’s commitment to meet the needs of our institutional customer base.”
Data privacy and security have been a top priority for PredictAP from its inception, said PredictAP VP of Engineering Chris Antenesse. Rushing to build features and solving for security later is an outdated and risky approach, he explained.
"We incorporate best practice while developing features, not as an afterthought," he said, with both automated and manual review processes in place to ensure the product is free of security issues.
As part of the attestation process, PredictAP completed a thorough SOC 2 Type 1 compliance audit with Laika, a compliance-as-a-service platform that helps companies manage infosec and privacy compliance, obtain security certifications and build credibility with their customers.
The process includes providing documentation on processes, data management infrastructure, and a progressive approach to data access permissions. Greg Achenbach, Vice President of Product at PredictAP, explained that progressive permissions are the new standard for managing access to customer data. "Our approach is to grant access only on an as-needed when-needed basis, and even then only to the extent necessary," he said.
While the Type 1 audit is not a required prerequisite to Type 2, organizations like PredictAP who complete the Type 1 first are helping to mitigate potential audit loops and timeline extensions by ensuring their compliance program design is fundamentally sound before entering the Type 2 observation period.
PredictAP executed SOC 2 Type 1 by working with Laika's integrated audit feature via Laika Compliance, LLC.
Next, PredictAP will begin a months-long monitoring period as part of their SOC 2 Type 2 audit process where auditors will observe how well their controls are operating.
Read the official press release here.