We’re thrilled to announce that Design Huddle has completed its SOC 2 Type 1 and Type 2 certifications, a significant milestone in our commitment to safeguarding customer data and maintaining the highest security and operational standards. Our System and Organization Controls certifications demonstrate our ongoing compliance with the Trust Services Criteria (TSC) by monitoring the design and effectiveness of our controls for security, availability, and confidentiality. 

SOC 2 Type 1 vs. SOC 2 Type 2 - What’s the difference?

SOC 2 Type 1 and Type 2 reports, developed by the American Institute of Certified Public Accountants (AICPA), give customers confidence that a service provider is secure, reliable, and consistently follows ethical business practices. 

Our SOC 2 Type 1 audit assessed whether our organization's security controls are well-architected and thoughtfully implemented at a specific point in time, verifying that the appropriate security systems are actually in place. Earning a SOC 2 Type 1 certification required extensive documentation of our security controls, policies, and procedures. We conducted an internal audit to ensure all controls were functioning as intended ahead of the formal audit. The official audit, completed by a Certified Public Accountant (CPA), confirmed the accuracy and effectiveness of our controls. 

A SOC 2 Type 2 certification, in contrast, validates not only that our organization's controls are correctly implemented but also that they operate effectively over an extended timeframe. The report provides customers with assurance that the controls are reliable, enabling them to make informed decisions about who handles their data and how it is protected. 

Achieving a SOC 2 Type 2 certification is a significant accomplishment that demands extensive time and collaboration across multiple departments. The most critical aspect of our SOC 2 Type 2 certification is the validation of our controls' effectiveness in meeting the commitments we make to our customers.

Our path to earning a SOC 2 Type 2 certification included four essential components:

1. Design Huddle management’s description of the system
   Our team provided a comprehensive description and overview of the system. We defined what the system is, how it operates, the data collected, the services offered, and the controls and security frameworks in place regarding our infrastructure, software, people, processes, and data. This description also outlined our ability to follow through on our commitment to providing a secure solution for customers. 
   
   

2. Independent service auditor opinion and final report
   A licensed and registered CPA, who also serves as an Independent Service Auditor, carried out an assessment to form their opinion on the system's effectiveness and highlight any critical gaps. The auditor reviewed the accuracy of our management’s description, as well as the sustainability and operating effectiveness of the implemented controls.
   
   

3. Design Huddle management’s assertion
   We delivered our formal statement, confirming that the system description is accurate and that our controls are properly designed and functioning effectively to meet the TSC standards. 
   
   

4. Tests of controls and results
   The Independent Service Auditor outlined the controls tested, along with the procedures for testing controls, the results, and whether they were operating effectively during the specified timeframe.

Committed to your data protection and security

Earning SOC 2 Type 1 and Type 2 certifications not only establishes confidence with our customers but also holds our team accountable to the strictest data security and operational practices. We greatly value the trust you place in us and remain committed to investing in data protection and security, continually striving to uphold the highest standards of excellence.

To access our SOC reports, please visit the Design Huddle Trust Center.