Poll Everywhere understands its customers’ interest in security and privacy, and believes it is important to acknowledge as much. From a business perspective, how does a company propose that someone entrust their data to a service when it has not been shown to care about these values? Shouldn’t security and privacy be an intrinsic part of what a Software as a Service (SaaS) company provides? In seeking to put our money where our mouth is, we’ve sought to obtain the respective certificates of compliance and attestations to walk the walk.
Systems and Organization Control (SOC) 2 Compliance
For the past few years, Poll Everywhere has proven SOC 2 compliance. SOC, one of the more common compliance goals for technology companies, was developed by the American Institute of CPAs (AICPA). It is a set of management standards for organizations that defines criteria for overseeing customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality and privacy.
In order to prove compliance, a company brings in an accredited, third-party firm to assess both the vendor’s systems and whether their design is suitable to meet the relevant trust principles. Subsequently, the firm assesses the operational effectiveness of those systems, i.e. show us that the system and its design actually work. Fundamentally, SOC 2 compliance requires long-term, ongoing internal practices that ensure the security of customer information. Hence our interest in pursuing it.
But, while largely recognized, SOC 2 is more prevalent in North America and we wanted to prove our worth to customers globally. So where do we go from here…?
International Organization for Standardization (ISO)
What is ISO? ISO stands for the International Organization for Standardization. Founded in 1947, it is an international standard-setting body composed of representatives from various national standards organizations. They’ve made it their purpose to develop and publish worldwide technical, industrial, and commercial standards. Standards, standards and more standards.
An example of the broad and global coverage of this organization is one of the earliest ISO standards, ISO 6. What’s ISO 6, you ask? Well, do we all remember film photography? ISO 6 allowed photographers to select the right film for their subject, taking into account things like lighting and speed of movement, i.e. that little ISO number on your film camera (yes, I do still have a film camera).
Now, getting back to what you care about. ISO 27001 is the international standard for information security. It sets out the specification for an information security management system or ISMS. The ISMS standard’s best-practice approach intends to help organizations manage their information security by addressing people, processes and technology.
ISO 27701, to put it simply, is a data privacy extension to ISO 27001. It’s also referred to as PIMS (Privacy Information Management System) and outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy.
This standard is relatively new; it was published in October 2019 and provides the framework for organizations looking to put in place a system that also supports compliance with the EU’s GDPR, California’s CCPA, and other data privacy requirements.
So…what does this all mean to you, dear reader?
Our hope is that this ongoing work shows our continued commitment to providing a great Poll Everywhere experience, while ensuring your information is kept secure and private as should be expected. You shouldn’t be concerned about such matters while activating an Activity, running a Competition or responding to a Multiple Choice question. Our company mission is to make meetings more inclusive. For more detailed information about Poll Everywhere’s dedication to security and compliance, check out our security page.