A SOC 2 audit is an assessment of the internal controls that directly related to the security and availability of our platform. This audit ensures that our information security practices, policies, procedures, and operations meet or surpass the rigorous SOC 2 standards created by the AICPA. Our platform is secure by design, and now we’ve had an independent third party verify that fact.
Each customer controls which data is stored on the platform and has complete administrative control over how that data in handled. Structural is designed to securely store data at rest. We also use TLS encryption between the web client, mobile app and Structural’s infrastructure.
“The SOC 2 audit is based on the Trust Services Criteria. Structural delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Structural’s controls.”
The governance of our platform is achieved through an audience-focused permission model, as well as multiple roles within the platform. Content created on the platform can be shared with wide or limited audiences. Additionally, any content can be removed at any time by an administrator. Structural logs all activity on the system to capture and report on user behavior.
Structural is designed to be an open platform for those users who have successfully authenticated. Creating an internal people network is predicated on members of that network being able to connect with one another. However, if there is sensitive information or profiles that shouldn’t be visible, we provide a rich method of creating, saving and using audiences to share specific information.
Access to Structural is governed by the client and each user on the platform is associated with a member of an authorized team. Structural integrates with the g-suite, local authentication and SAML IdPs such as Okta, leveraging best-in-class authentication and authorization technologies.
Structural is developed on secure machines using modern, secure practices with a high level of security and protection of sensitive information. Structural is deployed in a robust, multi-zone, cloud deployment for both redundancy, continuity of service, and disaster recovery. Structural operates on a need-to-know data access policy as well as maintaining both a continuity of service plan.