Submittable’s Got You: SOC 2 Type 2

Submittable is proud to work with you and devoted to keeping your organization’s vital data secure. To this end, our team is thrilled to announce a recent milestone: the platform is now SOC 2 Type 2 certified. 

This achievement is a testament to Submittable’s data security and privacy, for everyone who interacts with our platform. We know that your organization is not only concerned with your own data security, but also that of hundreds or even thousands of your submitters and applicants. Here are the basics:

What is SOC 2 Type 2?

Developed by the American Institute of Certified Professional Accountants (AICPA), a Service Organization Control (SOC) 2 audit assesses data protection among cloud-based service providers like Submittable. 

SOC 2 audits are performed by certified third parties, ensuring accuracy and impartiality. Whereas a SOC 2 Type 1 audit tests vendor controls at a single point in time, Type 2 is notably more comprehensive and rigorous, requiring between six and twelve months of assessment. A SOC 2 Type 2 audit is the most thorough appraisal available within the SOC protocol. 

AICPA SOC certification logo

Why is this certification important to Submittable?

In October of 2018, Submittable underwent a SOC 2 Type 1 audit which successfully demonstrated the software’s adherence to applicable AICPA trust services criteria. Given Submittable’s stalwart commitment to user data security, obtaining a SOC 2 Type 2 certification was a natural and important next step. 

Since then, Submittable has an audit performed annually by AICPA licensed auditors at A-LIGN, a leading cybersecurity and compliance professional services firm. A-LIGN tests the real-world suitability and effectiveness of our security controls over a 10 month period and awarded Submittable a SOC 2 Type 2 certifications in October of 2019 and again in late 2020.

What does SOC 2 Type 2 mean for you?

You rely on Submittable to streamline the submission process, a process in which data is integral. Because our team values your confidence in the software’s privacy and security procedures, Submittable takes the responsibility of protecting your data very seriously. 

While you won’t notice changes to the platform related to SOC 2 Type 2, you can feel good knowing that Submittable is always working to keep your organization’s, submitters’ and applicants’ data secure. 

And this commitment goes beyond our current certification. Submittable is dedicated to maintaining continuous SOC 2 Type 2 audit coverage on an annual basis. Your data security and privacy is important to our team, and essential to the future of our service. We thank you for using Submittable. 

Rachel Mindell

Rachel Mindell is a Special Projects Editor at Submittable. She also writes and teaches poetry. Connect with her on LinkedIn.