CTM Blog


CTM is SOC 2 Compliant!

by Barb Cronin

At CallTrackingMetrics we take security seriously–and we know you do too! That’s why we are happy to announce that, effective February 2023, CTM is SOC 2 compliant. Our SOC 2 compliance demonstrates our ongoing commitment to maintaining the highest level of information security for our customers and the businesses they serve. This compliance follows an examination of our information security processes and systems based on the trust services criteria relevant to the security, availability, and confidentiality of information.

What is SOC 2? 

You may know that SOC 2 compliance indicates that an organization maintains stringent information security, but just what is SOC 2? SOC 2 is short for Service Organization Control 2. It is a security framework that specifies how organizations should manage, process, and store customer data.

To achieve SOC 2 compliance and receive attestation, an independent, third-party CPA firm conducts a thorough examination consisting of interviews, audits, and extensive evidence gathering. This is a time-consuming process that can take months. After a careful review of the information gathered, the third party makes specific recommendations about creating policies that may have been missing or updating existing ones. These findings are compiled into a report shared with the organization working toward SOC 2 compliance. The organization is then responsible for following these recommendations to achieve the certification for SOC 2.

These audits, developed by the American Institute of Certified Public Accountants (AICPA) to provide assurance over a service provider’s cybersecurity controls, are based on five Service Trust Principles. These principles are:

  1. Security 
  2. Availability
  3. Processing integrity
  4. Confidentiality
  5. Privacy

This compliance is essential to preserve the privacy of businesses, customers, and all of their sensitive data. Some companies won’t even consider doing business with organizations that aren’t SOC 2 compliant. 


Types of SOC 2 Compliance

It’s important to understand that there are different ‘types’ of SOC 2 compliance. There’s SOC 2 Type 1, also commonly referred to as simply ‘Type 1’. Type 1 compliance assesses security process designs and determines if they meet the trust principles. Generally speaking, this is a point-in-time attestation. For example, on February 10, 2020, XYZ Company demonstrated that they meet all of the trust principles and related compliance. This is the type of compliance CTM has achieved. 

There is also SOC 2 Type 2. So just what is SOC 2 Type 2, and what makes it different from SOC 2 Type 1? SOC 2 Type 2, also referred to as Type II, assesses how those security designs actually work and how effective they are over a period of time. Type 2 is a continuous attestation. For this type, the third-party firm asks for lists of evidence, takes samples, and so on in order to determine whether your organization is continually adhering to these principles. CTM is now actively working towards SOC 2 Type 2.


4 Reasons Why SOC 2 Compliance Matters

  1. While SOC 2 compliance isn’t mandatory, many organizations, like CTM, find it indispensable because numerous organizations expect their service providers to have reached this level of security compliance. SOC 2 is a way to clearly demonstrate to other businesses that your organization is serious about information security. Having this compliance, and using software that has it, can make you more attractive to your customers than competitors who don’t have this certification.
  2. In addition to meeting your customers’ needs and gaining a competitive edge, the additional level of security that comes with SOC 2 compliance can potentially save your organization–and your customers–millions of dollars by avoiding a security breach. A security breach cost organizations an average of $4.35 million in 2022. While there are time and costs involved in achieving compliance for SOC 2, it’s certainly less than a breach that not only costs you millions but can also damage your reputation.
  3. If security matters to you, and we know it does, then doing business with a SOC 2-compliant organization makes it easier for your organization to maintain SOC 2 compliance and other important security certifications like HIPAA, PCI, and GDPR. Our SOC 2 compliance can be used in the vendor vetting process.
  4. Peace of mind may not increase your bottom line directly, but it’s a great benefit of having SOC 2 compliance. When you know without a doubt that your organization has done its due diligence in keeping your customers’ information and data secure, you can relax and focus on other priorities.

Security Matters at CTM

As mentioned, at CTM we take information security seriously. We continually provide a secure platform for our customers and the businesses they serve. In addition to our SOC 2 compliance, we have other critical security compliances and processes in place. From encrypted data and secure notifications to being HIPAA and GDPR-compliant, our team makes sure that we are meeting the top industry standards for information security.


Ready to check out CTM’s SOC 2-compliant software in action? Book a Demo with our team to learn more.