Blog / October 22, 2020

The gold standard for security: Moveworks achieves SOC 2 Type 2 compliance

Kyle Hirai, Head of IT & Security

Jason Chin, Principal Technical Program Manager

moveworks achieves soc 2 type 2 compliance

Moveworks is proud to announce that we are now compliant with SOC 2 Type 2, the gold standard for information security. This compliance validates our continued commitment to protecting your data — and affirms the security of our AI solution.

Since we founded Moveworks, we’ve built bleeding-edge security into everything we do, from our machine learning models, to our operational practices, to our employee training. As a result, we achieved both ISO 27001 and SOC 2 Type 1 compliance in our first year out of stealth mode. SOC 2 Type 2 compliance represents the biggest milestone to date in demonstrating that, from the very beginning, we’ve prioritized security across the board.

Service Organizational Control (SOC) 2 reports ensure that compliant companies maintain confidentiality when transmitting, storing, maintaining, processing, and disposing of customer data. SOC 2 Type 1 assesses an organization’s security standards at a given moment in time, while SOC 2 Type 2 proves that the organization has maintained those standards over a sustained period. Typically, only large, mature organizations are able to achieve this level of compliance. But we've worked diligently to get ahead of the curve, understanding that we can't compromise when it comes to our customers' data.

aicpa soc service organization

What does this mean for you?

Simply put, it means you can trust Moveworks with your data. IT leaders place emphasis on SOC 2 Type 2 compliance because it's one of the few audits that attests to an organization's security posture over a sustained time period. Because we know that companies look to partner with vendors who not only innovate quickly, but also maintain the highest bar for security, we’ve focused on attaining compliance from the very start.

At a high level, our specific SOC 2 Type 2 report shows that we’ve upheld three core commitments:

1. The Moveworks platform is secure.

Security readiness policies and procedures are built into our platform. As we develop our products, we conduct frequent security code reviews and partner with third-party security experts to test for vulnerabilities.

To ensure that our people are as secure as our technology, we conduct in-depth security awareness training. Every employee must complete it both as part of new employee onboarding and as part of an annual education program. Additional security training is customized based on role and team to ensure that everyone is up-to-date with the latest information.

2. Moveworks keeps your data confidential.

We know that data privacy is critical. That’s why all customer data in our possession is always encrypted — both in transit and at rest. For each customer, we use unique encryption keys to keep your information secure. Additionally, Moveworks employees can only access customer data on a need-to-know basis, according to strict, role-based policies and procedures.

Data confidentiality extends to how we develop our product. We use common, anonymized language to train our global machine learning models. Your private data is only used to train models specific to your organization.

3. The Moveworks platform stays accessible.

Moveworks is available day or night, weekdays and weekends. To maintain our 99.5% SLA availability, we rely on a leading cloud infrastructure provider to ensure all our customer data has redundant, secure backups in geographically dispersed locations.

Our security roadmap

SOC 2 Type 2 is a major achievement, but we work to continuously maintain and improve our core security framework over time. Our privacy and compliance roadmap includes CSA STAR, HIPAA, FedRAMP, and more. We understand that security requirements differ by industry, and we remain dedicated to meeting those requirements as Moveworks grows.

Want to learn more?

The full SOC 2 Type 2 report is available upon request, in addition to more information on our architecture and security practices. Please contact us for additional details and to view the full report.

Contact Moveworks to learn how AI can supercharge your workforce productivity.

Table of contents

Subscribe to our Insights blog