Ohi Achieves SOC 2 Compliance to Ensure Protection of Customer Data

soc compliance

Ohi has achieved SOC 2 compliance for trust service principles such as security, availability, and confidentiality.

Ohi, the next-generation instant commerce platform, has achieved SOC 2 Type 1 compliance as a result of fortifying its data security posture. 

The company’s focus has always been on providing our clients with maximum support, and part of that commitment is ensuring their data is handled responsibly. Continuing our commitment, Ohi has achieved SOC 2 Type 1 compliance as an additional step to safeguard our clients’ data.

Ohi levels up on data security, achieves SOC 2 compliance.

Aligning with Ohi’s security-first culture, the Ohi platform is built on a secure foundation. Our platform runs on AWS, which provides a firewall and perimeter security. Firewall settings are checked every quarter to guarantee that they meet the platform’s requirements. In addition, we have security and compliance automation tools like Drata in place to ensure data protection.

The SOC 2 compliance certification is a voluntary measure that demonstrates Ohi’s ongoing commitment to ensuring the highest data privacy standards. 

What does it mean to be SOC 2-compliant?

Being SOC 2-compliant means that a trusted and independent auditor executed an in-depth review of Ohi’s internal operations and security protocols based on standards and guidelines set by the American Institute of Certified Public Accountants (AICPA).

The certification implies that Ohi has effective controls to mitigate any risks concerning security, availability, confidentiality, or privacy in a methodic and comprehensive way. 

The AICPA auditors assess how compliant a company’s security systems and processes are with the below-mentioned trust principles. 

  1. Security: This principle checks that the company has the ability to protect client data throughout its collection, usage, processing, transmission, or storage. It also signals that the company has safety controls in place to prevent unauthorized access to system resources, system abuse, data breaches and theft, software misuse, and incorrect information manipulation or disclosure.
  2. Availability: Whether the customers/clients can access the system as per the agreed terms of use and service or not? This principle checks that the system is resilient against cyber threats and has safety protocols against power outages, hardware failures, or other inconvenient occurrences that may affect the system’s availability.
  3. Confidentiality: This principle implies that the company can protect information that is deemed confidential (from its initial collection). 

How can I find more details about Ohi’s SOC 2 Report?

Whether you are an existing Ohi client or are considering doing business with Ohi, you can request our SOC 2 audit report by contacting us.