
Keeping your data safe: Humi and SOC 2 Type II compliance

Jun 6, 2024 · 5 min read

At Humi, we understand the importance of trust. You entrust us with sensitive company and employee data, and we take that responsibility very seriously. That's why we're proud to have achieved SOC 2 Type II compliance – a rigorous independent audit that demonstrates our commitment to the highest security standards.

But what exactly is SOC 2, and why does it matter? We’ll break it down in this blog.

What is SOC 2?

SOC 2 stands for System and Organization Controls 2. It's a set of standards developed by the American Institute of Certified Public Accountants (AICPA) to assess the security, availability, processing integrity, confidentiality, and privacy (all part of the Trust Service Principles) of a service provider.

There are two main types of SOC 2 reports (both of which Humi has!):

  • Type I: This report provides a point-in-time snapshot of a service organization's controls. It essentially says, "Yes, we have these security measures in place."
  • Type II: This more in-depth report goes beyond design, evaluating how effectively those controls operate over a period of time. It answers the question, "Are these controls working as intended?"

SOC 1 vs. SOC 2

SOC 1 and SOC 2 are both auditing standards developed by the AICPA. While they both focus on control, they have different areas of emphasis. Here's a breakdown of their key differences.

Focus

SOC 1 concentrates on a service organization's controls over financial reporting. It's typically used by organizations that process financial data for their clients. The goal is to assure the client that the service organization's controls won't negatively impact the accuracy of their financial statements.

SOC 2 has a broader scope, focusing on a service organization's controls relevant to the Trust Service Criteria (TSC). These criteria encompass:

  • Security: Safeguarding information systems and data from unauthorized access
  • Availability: Ensuring systems and data are accessible to authorized users when needed
  • Processing Integrity: Guaranteeing data is processed accurately, completely, and in a timely manner
  • Confidentiality: Protecting the privacy of sensitive information
  • Privacy (optional): Demonstrating adherence to specific privacy regulations

Who needs it?

SOC 1 is typically needed by organizations that outsource financial reporting tasks, like payroll processing or bookkeeping, to a service organization.

SOC 2 is more widely applicable. Any organization that uses a service provider that handles their data can benefit from a SOC 2 report. It's particularly important for companies that deal with sensitive data or are subject to strict data privacy regulations.

Humi and SOC 2 Type II

By achieving SOC 2 Type II compliance, Humi demonstrates that we:

  • Have robust security controls in place to protect client data
  • Regularly test and monitor those controls to ensure their effectiveness
  • Maintain a secure environment for processing, storing, and transmitting data

This rigorous audit process gives our clients peace of mind knowing their data is secure. But it's not just about compliance; it's about building trust.

Why SOC 2 matters 

In today's digital world, data security breaches are unfortunately common. These breaches can have serious consequences for businesses, including financial losses, reputational damage, and regulatory fines. By achieving SOC 2 Type II compliance, we’re demonstrating our commitment to protecting our clients’ data from these threats.

Here are some of the specific benefits that SOC 2 compliance brings to our clients.

Enhanced security

Our rigorous SOC 2 audit process ensures we have identified and addressed potential security risks. This translates to a more secure environment for company and employee data, reducing the likelihood of a data breach.

Increased trust

The independent audit verification provided by SOC 2 compliance gives clients peace of mind. They can be confident that their data is in safe hands and that we’re taking all necessary steps to protect it.

Improved compliance

Many regulations require businesses to work with vendors who meet certain security standards. SOC 2 compliance can help clients demonstrate that Humi meets these standards, simplifying their own compliance efforts.

Competitive advantage

In today's competitive business landscape, security is a major differentiator. By achieving SOC 2 Type II compliance, we’re demonstrating our commitment to data security, which can give our clients their own edge.

That edge helps them attract new clients who are increasingly security-conscious and looking for vendors who can meet their strict security requirements, and/or retain existing clients who may be concerned about the security of their data.

Humi, your trusted partner

At Humi, achieving SOC 2 Type II compliance is just one step in our ongoing commitment to information security. We’re constantly working to improve our security by implementing new technologies, enhancing our internal processes, and staying up-to-date on the latest security threats. 

We take security seriously because trust is everything, and by achieving SOC 2 Type II compliance, we’re demonstrating our commitment to protecting client data and building trust with our clients. 

For a deeper dive into Humi's commitment to data security, visit our Trust Centre.
