We are excited to announce that Whova has recently completed the System and Organization Controls audit and certification and has become SOC 2® Type 2 compliant. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2® Type 2 report acknowledges Whova’s practice of reliable, safe, protected, and trustworthy management of customer data security and privacy.
As an award-winning event management platform, Whova always strives to meet our customers’ regulatory and compliance obligations. The SOC 2® Type 2 certification proves that Whova has designed and applied effective operations and procedures to maintain security and privacy of the data for event organizers and participants, including event content, exhibitors, sponsors, speakers, registration, messages, discussions, profiles, interests, networking activities, and more.
What is SOC 2® Type 2 Compliance
SOC 2® Type 2 compliance auditing is an independent third-party examination process developed by the American Institute of CPAs as part of the System and Organization Controls standard. It covers five “trust services principles”: security, privacy, availability, confidentiality, and processing integrity of customer data.
To ensure that Whova keeps customer data safe, private, secure, and reliable, the compliance auditors performed a thorough, rigorous, eight-month-long examination of the entire organization, including various company policies, procedures, and practices in almost all Whova departments. During the review process, the compliance auditors requested and examined detailed evidence of Whova’s data security and privacy practices and ensured that these procedures are applied and monitored regularly to effectively protect customer data privacy and security.
More Practices to Safeguard Customer Data Security and Privacy
Besides SOC 2® Type 2, Whova has also implemented other common standards and measures to meet our customers’ regulatory and compliance obligations, including:
- PCI DSS compliance – Our compliance with the Payment Card Industry Data Security Standard (PCI DSS) ensures that our customers’ cardholder data and transactions are private and secure. We do not store credit card information after transaction authorization. Our payment processor, Stripe, complies with PCI 3D Secure.
- SSL Encryption – We heavily encrypt our customers’ data to maintain its privacy, authenticity and integrity with end-to-end encryption. We renew our SSL certification every year.
- EU-US Privacy Shield + General Data Protection Regulation (GDPR) – We do not store European attendees’ data without their active consent. We also do not sell the personal information of our customers to any third party.
- High-Security Cloud Servers – To keep our customers’ data safe, our servers and data centers are hosted by the world’s leading high-security cloud system, Amazon Web Services (AWS).
For more information about Whova’s data security and privacy practices, check out this page.
Whova’s award-winning event management platform has supported over 30,000 in-person, virtual, and hybrid events and conferences in over 100 countries and has been downloaded by more than 6 million users on the App Store and Google Play. Whova’s customers include Harvard, L’Oreal, US Department of Energy, US Air Force, Nasdaq, American Marketing Association, TEDx, and thousands of other organizations.
Want to learn more about what Whova can do for your event? Reach out today for a free demo.