SOC 2 Compliance for ScriptMe AB

This document outlines the commitment of ScriptMe AB to maintaining the highest standards of security, privacy, and processing integrity as part of our SOC 2 (System and Organization Controls 2) compliance efforts. SOC 2 is a widely recognized framework developed by the American Institute of CPAs (AICPA) that assesses the effectiveness of an organisation's controls over the security, availability, processing integrity, confidentiality, and privacy of customer data.

At ScriptMe AB, we understand the importance of protecting the sensitive information entrusted to us by our clients. This compliance document serves as a comprehensive overview of our policies, procedures, and practices that align with the SOC 2 trust services criteria. By adhering to these criteria, we aim to provide assurance to our clients that we have implemented robust controls and measures to safeguard their data and maintain the highest level of service quality.

This document will outline the scope of our compliance efforts, the specific trust services criteria relevant to ScriptMe AB, the security measures we have implemented, our response plan in the event of a data breach, and our commitment to respecting data subject rights. Additionally, it will provide an overview of our approach to SOC 2 audits and our ongoing commitment to continuous improvement and compliance.

It is essential to note that while this document provides a comprehensive overview of our SOC 2 compliance efforts, it should be complemented with other relevant policies, procedures, and technical details specific to ScriptMe AB. Furthermore, we acknowledge that achieving and maintaining SOC 2 compliance is an ongoing effort that requires regular assessments, audits, and enhancements to our controls.

We are dedicated to upholding the principles and standards outlined in SOC 2 to ensure the security, privacy, and integrity of the data entrusted to us by our clients. This compliance document represents our commitment to maintaining the highest level of trust and confidence in the services provided by ScriptMe AB.

  • Introduction

ScriptMe AB is committed to maintaining the highest standards of security, privacy, and processing integrity in providing services to our clients. This document outlines our adherence to the SOC 2 trust services criteria of security, privacy, and processing integrity.

  • Scope

This compliance document applies to all services provided by ScriptMe AB, including but not limited to data processing, storage, and security measures.

  • Trust Services Criteria

ScriptMe AB focuses on the following trust services criteria:

  • Security: ScriptMe AB implements robust measures to ensure the security of client data, including limited access by a single authorised individual, AWS strong attack protection, and encryption protocols.
  • Privacy: ScriptMe AB acknowledges its role as a data processor and commits to using client data solely for the purposes specified by the data controller. We will not disclose or use the data for any other purpose, except as required by law or to protect our legal interests.
  • Processing Integrity: ScriptMe AB guarantees the accuracy and integrity of data processing through our services. We ensure that data is handled in a consistent, complete, and reliable manner.

  • Security Measures

ScriptMe AB has implemented the following security measures:

  • Limited Access: Only one authorised person within ScriptMe AB has access to customer data.
  • Encryption: All data transmitted between user browsers and ScriptMe AB servers is secured via HTTPS (TLS 1.2). Data stored on our systems is encrypted using the AES-256 algorithm.
  • AWS Strong Attack Protection: ScriptMe AB leverages AWS strong attack protection to enhance the security of our infrastructure and defend against potential threats.

  • Data Breach Response

ScriptMe AB has a data breach response plan in place. In the event of a detected data breach, we will notify the affected client within 24 hours and take appropriate steps to mitigate the impact of the breach.

  • Compliance with Rights Requests

ScriptMe AB ensures that clients can comply with rights requests from data subjects. We provide clients with access to the data processed through our services, enabling them to fulfil their obligations regarding data subject requests.

  • SOC 2 Audits

ScriptMe AB has not undergone any previous SOC 2 audits or assessments. We are committed to continuously evaluating our controls, policies, and procedures and may engage an independent auditor for future SOC 2 audits.

Conclusion

ScriptMe AB is dedicated to maintaining SOC 2 compliance by adhering to the trust services criteria of security, privacy, and processing integrity. We prioritize the security and protection of client data and continuously improve our practices to meet evolving industry standards.
