ActivTrak’s SOC 2 Compliance FAQ

Organizations are increasingly concerned about the security, privacy, availability, and integrity of the data they share with vendor partners. The ActivTrak SaaS application is designed with a privacy-first approach in mind, and uncompromising security to ensure the confidentiality and integrity of all collected and analyzed data. That is why we have achieved SOC 2 Type 1 and Type 2 certification for two years in a row without exception, which provides independent validation that our security controls and operational processes meet a security standard of excellence.

This article outlines the most frequently asked questions and answers about SOC 2 Compliance.



What is SOC 2?

Developed by the American Institute of Certified Public Accounts (AICPA), a SOC 2 Report confirms the results of a comprehensive audit that focuses on the system-level controls that process customer data. 

SOC 2 reports cover the design and documentation of controls and provide evidence around how the organization operated the documented controls over an extended period of time for a given point in time.

What is the difference between SOC 2 Type 1 and SOC 2 Type 2 Compliance?

There are two different types of SOC 2 reports.

  1. A SOC 2 Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles. 
  2. A SOC 2 Type 2 report details the operational effectiveness of those systems and includes a historical element that shows how controls were managed by a business over a period of time.

Currently, ActivTrak has achieved SOC 2 Type 1 and Type 2 Compliance.

What are the SOC Compliance requirements?

SOC 2 is not a standard or requirement. For instance, security standards like PCI DSS have very specific requirements, whereas, SOC 2 policies, procedures, and technical controls are unique to each organization. 

Instead, to be SOC Compliant you need to pass a technical audit, performed by a third-party, that validates whether your organization has created, documented, and is following a range of policies and procedures.

How does SOC 2 Compliance benefit ActivTrak customers?

ActivTrak is committed to establishing trust with our customers, delivering innovative technology and powerful workforce insights in a smart, ethical, and secure manner. We regularly test our infrastructure and applications rigorously to isolate and remediate vulnerabilities. We also work with industry security teams and third-party specialists to keep our users and their data safe. 


As a certified SOC 2 Compliant solutions provider, we have multiple layers of protection across a distributed, reliable infrastructure. All ActivTrak data is stored in a secure data warehouse managed and secured by Google Cloud Platform (GCP).

What does ActivTrak’s SOC 2 Report look like?

Contact us to view ActivTrak’s SOC 2 report created by Moss Adams


Learn more about ActivTrak's security and data privacy measures by visiting our Trust Center.

Was this article helpful?

4 out of 5 found this helpful


No comments