Back to top

To Further Support Finance Transformation in the Cloud, Tidemark Achieves SOC 2, Type 2 Certification

February 2, 2016

Tidemark Completes Independent SOC Audits, Ensuring Safe, Secure and Persistent Control Over Customer Data

REDWOOD CITY, Calif. – Feb. 2, 2016 – Tidemark, maker of modern cloud business planning and enterprise analytics apps, today announced it has received certification from two Service Organization Control (SOC) audits without qualification or exemptions. The audits, which have grown in importance due to the increasing rise of cloud-delivered services and applications, ensures large enterprises that Tidemark maintains meticulous and diligent control over all aspects of protecting financial, operational and other sensitive, corporate data. 

Passing an SOC 1 audit exemplifies Tidemark’s commitment to meeting data protection standards outlined by a range of mandates -- including Sarbanes-Oxley, Basel II/III and ICFR regulations, -- imposed on public companies and those engaged in financial services and other regulated industries. By completing and receiving certification for this audit, Tidemark has demonstrated its ability to maintain data security, compliance and confidentiality. In order to pass the SOC 1, Type 2 audit, Tidemark had to demonstrate it maintains those controls over an extended period of time, requirements that Tidemark met without qualification.

“As companies entrust their mission-critical systems to the cloud, they must have the confidence that their data, applications and customer records are always protected, without fail,” said Tony Rizzo, co-founder and Chief Product Officer, Tidemark.  “Passing SOC 1 and 2 audits has become essential for SaaS vendors who, like Tidemark, serve customers in financial services, insurance, energy, higher-education or other highly regulated industries. Every year we ensure our controls meet those requirements, and we’re proud to have passed this year’s audits without qualification or exemption.”

Tidemark also passed the SOC 2 audit, which is significantly more detailed and focuses on strong security principals and processes. Typically required by enterprise IT Information Security (InfoSec) teams, SOC 2 attestations examine all points of access, segregation of duties, system monitoring and more. The SOC 2, Type 1 report issued about Tidemark documents all of the company’s controls, supporting policy and procedures, and their effectiveness. Tidemark passed all of these tests without exemption.

Brightline, LLC conducted the audits in November by examining more than 180 different control points and more than 700 pieces of evidence. SOC reports are issued only through third parties authorized by the American Institute of CPAs (AICPA).