Everything You Should Know about Security, SOC 2, and Responsible Purchasing

Modern security is all about safeguarding your organization's systems, processes, and data at every step.

That includes your entire purchasing infrastructure.

We’ve helped hundreds of companies complete security reviews every day as part of their vendor contract management process. We’ve even helped IT teams complete tool audits for their own SOC reviews.

Securing data is a necessary part of responsible purchasing and risk management. After all, some of your company’s most confidential information lies within the third-party platforms you use (that’s us) and the fine print of all your contracts (which is housed in our platform).

Rest assured that safeguarding your data has always been a top priority for us at Tropic. 

Our voluntary SOC 2 audit and accompanying report validates our ongoing commitment and dedication to protecting our customers’ critical information with industry-standard best practices.

Here’s everything you should know about our SOC 2 report and what it means for you:

What’s SOC 2?

SOC 2 stands for Systems and Organization Controls 2. It’s a globally-recognized information security standard that outlines how companies should protect customer data.

SOC 2 provides a framework for organizations to ensure that they’re implementing best practices to secure sensitive information.

A company’s SOC 2 report is generated after a voluntary 6-month audit that assesses the information security controls a company has put into place across their systems and processes.

Why should you care?

Our SOC 2 audit and report show how Tropic’s entire infrastructure has been designed and built to safeguard your sensitive information. Within the vendor contracts and purchases that we help you manage, your data is completely secure in our platform.

More so, you can fully trust that our systems and processes are reliably developed and our platform and services will continue to scale securely.

How exactly does Tropic keep your data secure?

Our SOC 2 report documents all the ways in which we protect information, including:

• Encrypting and backing up your data to protect it from loss or unauthorized access
• Routinely implementing and testing processes for business continuity and incident response, to maintain uptime and performance
• Carefully controlling how our application code is changed, with secondary approvals and automated testing
• Constant system monitoring to detect suspicious activity
• Employee security training to educate the entire organization and elevate the importance of security best practices

‍What’s next?

SOC 2 isn’t a one-and-done outcome for us. Instead, it’s an annual audit process that we’re committed to in order to maintain the industry standards and practices mentioned above.

Our dedication to information security means that we’ll thoroughly monitor our security controls and make ongoing improvements throughout each year.

All we want is you to enjoy procurement paradise, safely and securely. 

‍

For additional information, view our privacy policy here.

If you have any questions, contact us at privacy@tropicapp.io