Demostack receives SOC 2 Type II attestation with highest security standards

Author: David Williamson

We are proud to announce that we have acquired SOC 2 Type II compliance in addition to SOC 2 Type I. Not only do we prove compliance using the highest security and confidentiality standards, but we also turned to PwC to run our assessment because of their decades of experience and commitment to excellence.


This added level of security is, first and foremost, a testament to the priority we place on serving our customers and the degree to which we’ll go to protect their data.

What is SOC 2 Type II compliance?

SOC 2 compliance is a set of standards established by the Association of International Certified Public Accountants (AICPA) for information security. The certification covers five general principles: security, availability, processing integrity, confidentiality, and privacy.

Adding Type II to Type I requires that internal controls not only acknowledge certain security standards, but also fully adhere to them day in and day out. So essentially, Type I certifies that an organization efficiently designed and implemented operational infrastructure in a theoretical sense. Type II confirms that said infrastructure is, indeed, functioning properly in practice as well as in theory over the course of at least six months.

Why did we choose PwC?

PwC is one of the big four accounting firms in the United States. Renowned for their commitment to excellence, PwC is an easy choice for any SaaS firm dedicated to going above and beyond to protect their customers from any potential breach or cyber attack.

We wanted to show the world that when it comes to safety, we never sacrifice quality for expediency. Regardless of how much time or effort it requires, we are committed to securing our technology from any incoming malicious attacks and mitigating any potential risk or unauthorized changes.


Why is it important for Demostack?

Data privacy is at the heart of our entire operation.

That is to say that we intentionally built our product so that SaaS companies could efficiently mask the personally identifying information (PII) in their demos. That way, anyone can run an authentic product demo without intentionally or unintentionally revealing sensitive customer, employee, or third-party vendor data.

Whether a business is selling marketing software or financial services, it’s easy for an AE running several demos a day to mistakenly reveal anything from customer email addresses to credit card information while sharing his screen on a Zoom call.

We created Demostack to make it easy for organizations to provide relevant, accurate demos without having to worry about data privacy. Our Demo HQ, which includes our PII shield, is designed to help you conceal personal data as easily as possible, so you can focus on what you do best: selling your product.

SOC 2 Type II compliance shows the world that we really do take security seriously, and we’re willing to talk the talk and walk the walk. If we’re going to tell our customers how to protect their PII, we should be able to put our money where our mouth is and prove that we are judging ourselves against that same benchmark.

Why SOC 2 Type II now?

Our fourth hire, David Williamson, Head of Governance, Risk, and Compliance, was an industry veteran, so security was a top concern of ours from the very beginning. However, now we’re formally acknowledging those efforts for the sake of our growing customer base.

Now that Demostack is starting to work with Fortune 500 companies, what may have once been formalities are now barriers to entry.

Even though we are relatively young, our solution is in high demand, and if we’re going to service some of the most esteemed institutions in the world, we have to hold ourselves accountable to their standards.


Where will we go from here now that we have SOC 2?

We’ve shown our investors, partners, and suppliers that we will go to great lengths to ensure privacy and confidentiality for our customers. After all, not only are we SOC 2 Type II compliant, but we are also HIPAA and GDPR compliant.

While we will never stop in our efforts to deliver more and more quality, with these certifications in place so early on in our business journey, we can now turn our attention to bringing Demo HQ, our full-stack demo solution, to as many organizations as we can.
