SOC 2 examination for Insider

Insider has successfully completed the SOC 2 examination.

At Insider, maintaining user data privacy and security is embedded in our culture.

Building data security is a continuous process that shapes the foundation of our development processes and helps to ensure the outstanding performance of our industry-leading technologies. More than 1000 leading enterprise brands trust Insider with their data. As a GDPR-compliant and ISO/IEC 27001 ISMS certified company, data privacy and security lie at the core of our technology — and our culture: We proudly announce that we have successfully completed the SOC 2 Type 1 audit and are committed to performing further SOC 2 examinations in the future.

The scope of our SOC 2 Type 1 Report includes:

Scope: Insider Growth Management Platform

Selected SOC 2 Criteria: Security, Availability, and Confidentiality

Examination Type: SOC 2 Type 1

Review Date: February 28, 2021

FAQ

What is SOC 2?

Service and Organization Controls 2 (SOC 2) is an audit process that evaluates a company’s ability to securely manage the data it collects and uses during business operations. SOC 2 applies to technology-based service organizations that store customer data in the cloud. By undergoing a SOC 2 audit, a SaaS company demonstrates that it’s able to meet the security criteria that prospective customers must see to confidently share their data (and often their customers’ data). The goal of a SOC 2 audit is to make sure that systems are set up to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data.

How do I request a copy of Insider’s SOC 2 Report?

Insider’s SOC 2 report is available to existing and prospective customers who have signed the appropriate non-disclosure agreement. Contact your customer success manager or account executive to request a copy.

Who administers SOC 2?

SOC 2 is developed and administered by the American Institute of Certified Public Accountants (AICPA).

Who performs a SOC 2 examination?

SOC 2 examinations may only be performed by a licensed CPA firm.

What are the SOC reporting options?

By engaging a licensed and independent CPA to examine and report on a service organization’s controls, service organizations are able to obtain an objective evaluation of the effectiveness of controls that address operations and compliance and develop financial reporting — both of which are necessary to meet the needs of user entities (customers and prospective customers).

To provide the framework for CPAs to examine controls and to help management understand the related risks, the AICPA has established three Service and Organization Control (SOC) reporting options:

SOC 1 Reporting on Controls at a Service Organization (also known as SSAE 16)
SOC 2 Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
SOC 3 SysTrust for Service Organizations

What’s in a SOC 2 report?

SOC 2 reports attest to:

A service organization’s controls that are relevant to the security, availability, or processing integrity of a system (security, availability, and/or processing integrity criteria)
The confidentiality or privacy of the information processed for the user entities (confidentiality or privacy criteria)

SOC 2 reports are an alternative to SOC 1 (SSAE 16) examinations, which may only attest to a service organization’s controls that are likely to be relevant to user entities’ internal controls over financial reporting (ICFR).

As part of the SOC 2 examination, a service organization may opt to be evaluated against five Trust Services Criteria. An organization may select any combination of the following:

Security: The system is protected against unauthorized access, use, or modification.
Availability: The system is available for operation and use as committed or agreed.
Processing integrity: System processing is complete, valid, accurate, timely, and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.

Insider, Inc. selected the following three specific Trust Services Criteria: Security, Confidentiality, and Availability.

What are the two types of SOC 2 examinations?

SOC 2 reports that attest to management’s description of a service organization’s system and the suitability of the controls’ design are referred to as Type 1 reports. These examinations always have a review date. Insider completed the SOC 2 Type 1 examination on February 28, 2021.

SOC 2 reports that attest to management’s description of a service organization’s system and the suitability of the controls’ design and operating effectiveness are referred to as Type 2. These examinations always have a review period.

What is a restricted use report?

SOC 2 reports are restricted use reports, which means that only certain authorized users may access and view the report. Generally, authorized users of Insider’s SOC 2 reports include the following:

Insider, Inc. management
User entities (customers) of the services provided by Insider, during the time period of the examination
Prospective user entities
Independent auditors of current and prospective user entities
Other parties who have sufficient knowledge and understanding of Insider’s services covered by the SOC 2 report

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-81205217-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 7 months 15 days 6 hours	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
ins-c	1 day	No description
ins-storage-version	1 year	No description
insdrPushCookieStatus	1 day	This cookie is set by the provider Insider. This cookie is used for web push recieving.
RUL	1 year	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.