Skip over navigation

Contact us to learn more about OroCommerce's capabilities

Contact us

Product News & Updates

Oro Passes SOC 2 Type 2 Audit

July 19, 2021 | Oro Team

Originally published on July 9, 2020, updated on July 19, 2021

The fast spread of COVID-19 and the rush to remote operations meant that security teams couldn’t ignore risk assessment and mitigation processes within their businesses.

While the worst of the pandemic may be behind us, it seems like new security threats emerge on a regular basis. The recent surge of ransomware in B2B eCommerce means that compliance and protection must also keep up. At Oro, we recognize these developments and are fully committed to assisting our customers, partners, and end-users and assuring them that their data is safe and secure at all times.

That’s why we’re excited to announce Oro’s successful completion of the annual SOC 2 Type 2 audit in July 2021. As with last year’s audit in July 2020, this year’s attestation demonstrates Oro’s dedication to providing our customers the high-quality service and confirms that we have the necessary processes and internal controls to safeguard their data.

What is SOC 2 Type 2 Audit About?

The AICPA Service Organization Control 2 (SOC2) is a certification Oro successfully announced back in February that measures the security and availability and provides assurances that data is being managed in a controlled environment. As part of the SOC 2 Type 2 audit, Oro achieved compliance in the following areas:

  • Security: The system is protected against unauthorized access, both physical and logical.
  • Availability: The system is available for operation and use as committed or agreed.

SOC 2 Type 1 vs SOC 2 Type 2

The SOC 2 Type 1 report details the sustainability and robustness of design controls to an organization’s systems. This evaluation details the system at a specific point in time and involves an auditor reporting on the descriptions and the documentation on these controls.

Oro’s technology team chose to undertake SOC 2 Type 2 compliance, which provides a much higher degree of assurance when compared to SOC 2 Type 1.  Unlike SOC 2 Type 1’s spot evaluation, SOC Type 2 requires passing an extensive evaluation of internal controls policies over a 6 to 12 month period.

The SOC 2 Type 2 audit is performed by an independent auditor and demonstrates Oro’s trustworthiness, reliability, and security as a service provider. It is just another step in our commitment to maintaining customer and stakeholder trust in Oro products.

It’s not to be confused with the PCI DSS compliance eCommerce brands utilize to ensure secure online payments.

Information Security for Growing Threats

The pandemic has forced many organizations to enact physical distancing at workplaces or switch to working remotely entirely. Disruption attacks on many high-profile US institutions and industries have got many businesses worried. As cyber threats rise, it’s important to remain proactive rather than reactive and invest in solutions that keep you prepared and help you make the right moves if you get compromised.

As companies navigate the quickly changing cybersecurity landscape, they need reassurance. We at Oro understand the increased risks during these times and remain at the forefront of ever-changing IT compliance and security standards. We will continue to closely monitor and mitigate any security risks in the form of internal controls, and evaluate these controls to protect sensitive customer data.

The SOC 2 Type 2 report verifies that Oro is constantly improving to remain on the cutting edge of safeguards, procedures, and policies when it comes to your data. With our information security program, we aim to build on customer confidence in Oro’s data protection, security, and compliance.

Back to top