Sparrow Builds Customer Trust with SOC 2 Compliance


Sparrow prioritizes customer trust

The Sparrow team has always prioritized our customers’ trust first and foremost. As an end-to-end leave partner for our customers, we must regularly handle sensitive information. To ensure that our customers’ and their employees’ data is completely secure, we acquired one of the most sought-after security achievements in SaaS to certify that our systems are up to the industry’s highest standards. This is why we are proud to announce that Sparrow has been officially recognized with a SOC 2 Type 1 security trust-principle certification.

What is SOC 2 compliance?

SOC 2 (Service Organization Control 2) is an audited compliance standard and certification developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 verifies that service providers, such as Sparrow, securely manage your data to protect your organization and the privacy of its clients.

There are two types of SOC 2 audits:

  • Type I: This report describes an organization’s systems and whether their design is suitable to meet the relevant trust principles at a certain point in time.
  • Type II: This report details the operational effectiveness of an organization’s systems and shows how these controls were implemented by an organization over a period of six to twelve months.

Five trust principles

Generally, the SOC 2 framework is based on AICPA’s Five Trust and Integrity Principles:

  • Security: All information and systems are protected against unauthorized access. The access controls aid in preventing theft, system abuse, misuse, and improper disclosure of information.
  • Availability: This principle ensures that the system is ready and available for operation and use by monitoring network performance and handling any security incidents.
  • Processing Integrity: The organization must have in place active quality assurance protocols to ensure that the systems are processing information in a complete, accurate, and timely fashion.
  • Privacy: Any personal information must be collected, used, retained, disclosed, and destroyed in conformity with the organization’s privacy notice and the AICPA’s Generally Accepted Privacy Principles.
  • Confidentiality: All committed and agreed upon confidential information must be protected with the use of network and application firewalls, access controls, and data encryption.

What does SOC 2 compliance say about Sparrow?

SOC 2 compliance is one of the leading standards for SaaS security. The requirements needed to achieve a SOC 2 attestation are so comprehensive that many institutions that handle customer data daily will only work with service providers that are SOC 2 compliant. Our SOC 2 Type 1 security trust principle certification was only awarded after a rigorous audit process.

At Sparrow, we hold ourselves to a high standard, especially when it comes to customer trust and data security. While incredible data security has been our #1 priority since the earliest days of Sparrow, we’re proud that our rigorous approach has been recognized with this certification. —Deborah Hanus, Sparrow CEO

Sparrow is committed to data security

Sparrow undergoes regular audits to ensure we remain SOC 2 compliant. Beyond these audits, we are dedicated to security and are continuously improving our processes. Sparrow software is updated regularly to guarantee we are providing our customers with an incredible leave experience. To learn more about how we’re streamlining leave for our customers nationwide, please schedule a time to speak with us.

We look forward to helping you and your organization streamline leave management — and you can rest assured that your data is being handled safely!