Since June 1st, 2021, HoloBuilder is compliant with SOC 2® Type I. SOC 2 („Sock Two“) stands for “System and Organization Controls 2”. The related report is aimed to provide assurances about the usefulness of available controls at a service organization that are relevant to the security, availability, processing integrity, or confidentiality and privacy of the system used to process clients’ information.
Learn more about SOC 2 or how to get access to the report below.
What is a SOC 2® Type I report?
Developed by the AICPA (the American Institute of Certified Public Accountants), this report addresses how a service organization manages customers' data in terms of Security, Availability, and Processing Integrity used by the service organization to process users’ data and the confidentiality and privacy of the information these systems process. More information on the SOC 2® report can be found on this link directly on AICPA's website.
There are 2 types of SOC reports:
Type I: describes a Vendor's systems and whether their design is suitable to meet relevant trust principles.
Type II: details the operational effectiveness of these systems.
Who attested that HoloBuilder is SOC 2® Type I compliant?
The service provider performed the audit on behalf of bitstars GmbH in Germany and examined the services that HoloBuilder, Inc. provides (as the “HoloBuilder Solution”). The chosen service provider company is a licensed CPA (Certified Public Accountant) firm and is authorized by the American Institute of Certified Public Accountants (AICPA) to conduct these audits.
How did the service provider company audit HoloBuilder's trust services?
HoloBuilder provided the service provider with a description of its system, infrastructure (e.g. Microsoft Azure), how it works, and which internal controls and processes we have in place to make sure that we operate in a way that meets high standards for the following criteria:
Security: How do we protect the system against malicious attacks, data loss, and other security threats?
Availability: How do we make sure that we maintain the high availability of our systems?
Confidentiality: How do we make sure that confidential information is protected from unauthorized access?
What does the SOC 2® Type I attestation mean for our customers?
Our customers provide us with important company data and we make sure to protect it and mitigate risks by implementing controls in compliance with the certified SOC 2® Type I standard. SOC 2® Type I compliance shows that we are committed to providing services of high quality to our users by meeting the security and compliance standards of the AICPA.
What's the next step for HoloBuilder and SOC 2®?
The SOC 2® Type I report does not attest to the operational effectiveness of the security, availability, and confidentiality controls that we have in place. This will be audited in the second phase as the SOC 2® Type II report. This second audit normally takes place a year after the Type I attestation is done. As part of our ongoing commitment to security and privacy in order to provide a best-in-class Construction Progress Management cloud platform, getting the Type II certification will be the next step.
How to request the SOC 2® Type I report?
Please send us your request to your customer success manager or send an email directly at firstname.lastname@example.org. Our team will get back to you with the required steps to receive the corresponding report for review.