Campspot’s on a mission to make happy campers—which is why we’re committed to providing a secure solution for our campground owners and managers so that they can focus on delighting their guests. When it comes to prioritizing security for our customers (and their customers!), we believe in making the right investments, such as employing Campspot team members dedicated entirely to governance and compliance, and securing trusted third-party industry certifications for our product and services. We strive to follow industry best practices and select and build tools that adhere to industry guidelines in an effort to continuously improve our security. That’s where SOC 2 comes in!
What is SOC 2?
Pronounced “sock two,” SOC 2 stands for “service organization control 2.” Which might still sound a little confusing….Essentially, it is a voluntary compliance standard that’s used to evaluate software as a service organizations such as Campspot. The standards were formed by the American Institute of CPAs (AICPA) to help organizations manage customer data. The compliance standards assess five key areas:
- Security
- Availability
- Processing integrity
- Confidentiality
- Privacy
Why Is SOC 2 Important for my Campground Business?
To obtain SOC 2 Compliance, it means that a company has demonstrated that it maintains a high level of information security. This means that Campspot has rigorous controls and policies in place to protect our customers (and their customers) information.
What’s the Difference Between SOC 2 Type 1 and Type 2?
According to the AICPA, a type 1 report includes “management’s description of a service organization’s system and the suitability of the design of controls,” and type 2 reports “on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.”
Our VP of Finance & Governance, Jill Mast breaks it down in layperson’s terms:
SOC 2 Type 1
This is confirmation that we have controls and policies in place that adhere to the AICPA’s guidelines.
SOC 2 Type 2
This goes one step further where they audit the effectiveness of these controls and policies and tests to ensure that what is in place is being followed and is performing as intended.
What About SOC 1? What’s the Difference Between SOC 1 and SOC 2?
SOC 1 reports are more focused on financial controls, whereas SOC 2 focuses more on organizational areas related to operations and compliance.
Which Types of Certification Does Campspot Have?
SOC certification is a long and rigorous process. As of June 30, 2022, Campspot is SOC 2 Type 1 certified. We also maintain compliance with the Sarbanes-Oxley Act of 2002 (SOX Compliance).
What Does Campspot Do to Maintain that Certification?
Our dedication to safety and security doesn’t stop at certification. We’ll be reviewing our processes annually in order to ensure continued compliance.
“Campspot monitors, corrects, and improves its internal processes that we have put into place during the SOC 2 Type 1 audit. These processes include code reviews for production changes, auditing workflows from when code is committed to Campspot’s repositories until it goes live on our production servers, and ensuring only authorized, authenticated personnel have access to customer data. We’re also performing additional disaster recovery and business continuity operations in order to validate that all our customer data is accurate and correct across our backups and data centers. Additionally, we have stronger policies in place around removing customer data, both upon request and for those customers who no longer do business with Campspot.” – Aaren Twedt, Governance and Compliance Lead
What’s Next for Campspot’s Security?
Campspot’s next step is to be SOC 2 Type 2 certified. We are actively working toward SOC 2 Type 2 certification and are eager to let our community know when we reach that milestone.
Want to learn more about how Campspot prioritizes security and makes happy campers? Request a demo below to chat with a campground reservations software expert. To request our SOC 2 Type 1 Compliance report for the full nitty-gritty details, reach out today!