Campspot’s on a mission to make happy campers—which is why we’re committed to providing a secure solution for our campground owners and managers so that they can focus on delighting their guests. When it comes to prioritizing security for our customers (and their customers!), we believe in making the right investments, such as employing Campspot team members dedicated entirely to governance and compliance, and securing trusted third-party industry certifications for our product and services. We strive to follow industry best practices and opt for tools that adhere to industry guidelines in an effort to continuously improve our security. That’s where SOC 2 comes in!
What is SOC 2?
Pronounced “sock two,” SOC 2 stands for “service organization control 2.” Which might still sound a little confusing…. Essentially, it is a voluntary compliance standard that’s used to evaluate software-as-a-service organizations such as Campspot. The standards were formed by the American Institute of CPAs (AICPA) to help organizations manage customer data. The compliance standards assess five key areas:
- Processing integrity
Why Is SOC 2 Important for my Campground Business?
To obtain SOC 2 Compliance, it means that a company has demonstrated that it maintains a high level of information security. This means that Campspot has rigorous controls and policies in place to protect our customers (and their customers) information.
What’s the Difference Between SOC 2 Type 1 and Type 2?
According to the AICPA, a type 1 report includes “management’s description of a service organization’s system and the suitability of the design of controls,” and type 2 reports “on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.”
Our VP of Finance & Governance, Jill Mast breaks it down in layperson’s terms:
SOC 2 Type 1
This is confirmation that we have controls and policies in place that adhere to the AICPA’s guidelines.
SOC 2 Type 2
This goes one step further where they audit the effectiveness of these controls and policies and tests to ensure that what is in place is being followed and is performing as intended.
What About SOX? What’s the Difference Between SOX and SOC?
SOX (Sarbanes-Oxley Act of 2002) is more focused on financial controls, whereas SOC focuses more on organizational areas related to operations and compliance.
Which Types of Certification Does Campspot Have?
SOC certification is a long and rigorous process. As of June 30, 2022, Campspot became SOC 2 Type 1 certified.
As of June 2, 2023, Campspot is now SOC 2 Type 2 certified. By achieving this certification, Campspot is able to provide evidence that we are effective stewards of our customer’s private information, and have shown that our processes for handling data and system security work as intended. This certification also allows Campspot to work with a new range of service providers and customers who need strong safeguards around private data, including state and local governments.
We also maintain compliance with the Sarbanes-Oxley Act of 2002 (SOX Compliance).
What Does Campspot Do to Maintain that Certification?
Our dedication to safety and security doesn’t stop at certification. We’ll be reviewing our processes annually in order to ensure continued compliance.
“Campspot monitors, corrects, and improves its internal processes continuously to maintain our SOC 2 Type 2 status. Some of these processes include code reviews for production changes, auditing workflows from when code is committed to Campspot’s repositories to when it goes live on our production servers, and ensuring only authorized, authenticated personnel have access to customer data.
We also perform additional disaster recovery and business continuity operations in order to validate that all of our customer data is accurate and correct across our backups and data centers. Additionally, we have stronger policies in place around removing customer data, both upon request and for those customers who no longer do business with Campspot.” – Aaren Twedt, Governance and Compliance Lead
What’s Next for Campspot’s Security?
Campspot’s next step is to continue maintaining our current certifications while we explore new opportunities and options for data security. Maintaining SOC 2 Type 2 is an ongoing effort and an audit will be performed annually going forward, testing a period of 12 months to ensure that our processes are effective throughout the entire year and not just at a particular point in time.
Want to learn more about how Campspot prioritizes security and makes happy campers? Request a demo below to chat with a campground reservations software expert. To request our SOC 2 Type 2 Compliance report for the full nitty-gritty details, reach out today!