OLOID completes SOC 2 Type II certification

OLOID has successfully achieved SOC 2 Type II certification, affirming its commitment to the highest standards of data security and privacy. The certification process, conducted by independent auditors, tested OLOID’s controls over an extended period to validate their effectiveness across security, availability, confidentiality, and integrity. Learn what SOC 2 Type II certification entails, how OLOID met these rigorous standards, and why this milestone strengthens trust with its customers.

OLOID Desk
Last Updated: November 17, 2025

OLOID is proud to announce that it has successfully completed its Service Organization Control (SOC) 2 Type II certification. This certification is a validation of OLOID’s adherence to the most stringent industry standards for data security and privacy, reinforcing its reputation as a trustworthy and secure physical identity and access technology provider.

In OLOID’s press release, Madhu Madhusudhanan, Co-Founder and CTO of OLOID, said, “We are thrilled to have achieved SOC 2 Type II certification. OLOID has always been committed to conforming to the most stringent standards for data security and privacy, and this certification is a reflection of our dedication to meeting the highest standards of data security. It is a testament to our commitment to keeping our clients’ data safe and secure.”

What is SOC 2 Type II Certification?

SOC 2 Type II certification is a set of security standards established by the American Institute of Certified Public Accountants (AICPA) that certifies that a company has met specific security and privacy controls. It is a report on the controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy. It is an independent assessment of a service organization's control environment and the operating effectiveness of those controls.

The Type II report includes the results of testing of the controls over a period of time. This is commonly requested by customers of the service organization to gain assurance about the service organization's controls and to mitigate risk. For organizations implementing facial recognition and biometric authentication systems, SOC 2 compliance presents unique challenges around template storage, encryption, consent management, and data lifecycle controls that go beyond traditional authentication methods.

SOC 2 Type II certification involves an assessment of a service organization's controls, which are the policies, procedures, and processes put in place to protect the client’s data.

The assessment process typically starts with the service organization identifying the controls it has implemented to meet the SOC 2 Trust Services Criteria. The service organization then provides the CPA firm with documentation of these controls, such as policies and procedures. The CPA firm then tests these controls to determine whether they are operating effectively.

This testing typically covers a period of at least six months and may include procedures such as observation, inspection, and re-performance. The CPA firm also evaluates the design and implementation of the controls and reports on the results of their testing. Once the assessment is complete, the CPA firm issues a SOC 2 Type II report, which details the controls in place at the service organization, the results of the testing performed, and any areas where the controls were found to be lacking.

The service organization can then use this report to demonstrate to its customers that it has implemented appropriate controls to protect its data and systems. OLOID successfully cleared all the parameters and criteria to be in compliance with SOC 2 Type II assessment guidelines.

“Securing SOC2 Type II certification is an important milestone in our mission to build a unified identity framework that prioritizes data security. We underwent rigorous processes and demonstrated adherence to data security, availability, and confidentiality standards set by the AICPA”, said Shankar Agarwal, OLOID’s Co-founder and Head of Engineering.

It is important to note that SOC 2 Type II certification is not a one-time process. It requires annual or bi-annual assessments, and service organizations must maintain their controls to meet the SOC 2 Trust Services Criteria.
