High-growth companies are continuing to outsource their business requirements to SaaS providers, and the associated risk of mishandling data leaves these organizations increasingly vulnerable to customer data breaches, malware installations, and even extortion.
For a SaaS procurement company handling $100M+ in SaaS spend for hundreds of customers around the world, offering the highest levels of data security and complying with all country-specific regulations is critical to building long-term trust.
We hold customer data close to our hearts, and keeping it safe is really important to us. Our team spent the last few months working through hundreds of documents, requirements, practices, and tasks.
It’s thanks to these efforts, in partnership with Drata, that we’re excited to announce that Sastrify has achieved SOC 2 Type 1 compliance.
This means our SaaS procurement platform meets five Trusted Services Criteria:
Privacy: your personal information, and how it’s used, complies with all rules and regulations. This includes two-factor authentication and encryption.
Availability: you’ll have open access to the agreed-upon data and systems, with frameworks in place for performance monitoring and incident handling.
Confidentiality: rigorous access controls and firewalls ensure sensitive information is never disclosed to unauthorized personnel.
Processing integrity: your data is quality assured and will not be changed or manipulated in any way, shape, or form without explicit permission.
Security: your data is safeguarded against unauthorized access by firewalls, intrusion detection and more.
By obtaining both SOC 2 Type 1 and GDPR compliance, we hope to demonstrate our ongoing commitment to customer data and to keeping it safe at all times.
Now, organizations of all sizes can trust that Sastrify’s internal systems and controls meet (and often exceed) all industry security standards, and that their data is being handled responsibly.