Wherefour customers can now enjoy the ease and accuracy of built-in SOC 2 compliance. Simply put, your ERP partner is committed to maintaining the highest level of information security demonstrating improved practices and a competitive advantage for IT and cloud-based services.

What is SOC 2?

Service Organization Controls 2 (SOC 2) is a framework that is governed by the American Institute of Certified Public Accountants (AICPA). With an SOC 2 audit, an independent service auditor reviews an organization’s policies, procedures and evidence to determine if their controls are designed and operating effectively. An SOC 2 report communicates a company’s commitment to data security and protection of customer information.

Why is it important?

SOC 2 compliance demonstrates an organization’s commitment to their customers’ trust and is a major milestone towards improving their overall security posture. With increasing cybersecurity threats and data breaches, it is paramount that organizations prioritize information security and the protection of their systems and data. By committing to SOC 2’s voluntary compliance standards, Wherefour has demonstrated that our controls and processes are third-party evaluated and accredited.

Why did we pursue SOC 2 now?

We have made this integral step on behalf of our customers and affiliates because we believe in proving the implementation of security controls. At our current stage of innovation and growth, it became clear that now is the ideal time to pursue this important effort to protect data, mitigate potential security risks, and implement controls for the future.

In conjunction with our commitment to best-in-class functionality and customer service, adding an additional layer of data security transparency demonstrates our dedication to improving our suite of solutions. We strive to deliver innovation on all fronts and are proud of our top ranking in recent CannaTech, Tekpon, GetApp and Capterra lists.

Wherefour’s journey to SOC 2 compliance

Compliance Partners

Vanta: We partnered with Vanta, the leader in the Trust Management space, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data.

Advantage Partners: Our audit firm, Advantage Partners, was extremely helpful in creating a seamless audit experience. With their guidance and support, we were able to achieve SOC2 compliance in a swift, efficient manner.

Process

While SOC 2 can be a big undertaking, our compliance partners streamlined the process. We leveraged Vanta to integrate our key systems and guide us in implementing policies and procedures to quickly become audit ready. Vanta gave us the direction we needed to pursue our compliance journey.

Advantage Partners then confirmed our audit readiness and we kicked off our Type 2 audit. For the audit, Advantage evaluated the controls we have in place and opined on their state. Shortly after our audit window ended, Advantage Partners drafter and issued our report.

Timeline

One key takeaway is understanding that improving our security posture and achieving compliance is a monumental task. This was made easier with the right compliance partners. The readiness period can take up the majority of the time, but we were able to make compliance a priority and get audit ready in a matter of weeks instead of months.

We also discovered the importance of reviewing the audit timeline with Advantage Partners, setting an ideal audit date, and then working backwards to be ready in time. Now that controls are implemented and security is a priority for our team, subsequent SOC 2 audits will be even more seamless.

Wherefour is proud to offer this advanced level of data security to our suite of innovative solutions for today’s manufacturer. In our increasingly competitive markets, we know the value of strong partnerships for small to medium businesses working hard to establish and grow their brands. We remain committed to achieving every level of ERP compliance available so that our customers can focus on what they do best while we do the rest.