INSIDE MOMENTIVE

What our SOC 2 Type 2 certification means for customers.

Shelbi Scott

January 19, 2022 | 3 min read

SHARE THIS ARTICLE

One of the many things that businesses have begun to appreciate during this pandemic is the power that technology has to enable employees to work fully remote. As Momentive CIO Eric Johnson wrote in September, the pandemic has led IT to completely rethink business operations. However, remote work and digital transformation due to the pandemic have also increased the average total cost of a data breach in business. According to IBM’s study of 537 data breaches across 17 countries, the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor. 

Industry standards such as System and Organization Controls (SOC) for Service Organizations reports  developed by the American Institute of Certified Public Accountants (AICPA), are designed to provide customers with peace of mind around how their vendors manage and process data. SOC 2 is an independent auditing procedure that provides assurance about the systems and processes that a service organization uses to process customer data and the confidentiality and privacy of the information being processed. Momentive recently achieved SOC 2 Type 2 certification, adding to our existing ISO 27001 certification. 

Achieving SOC 2 Type 2 certification is a significant effort and it demonstrates to our customers that we have an established process on securely managing data and running a world-class security program.

Our SOC 2 Type 2 certification applies to the SurveyMonkey and GetFeedback platforms. 

Three trust service principles fall under the SOC 2 criteria for managing customer data: security, availability, and confidentiality. 

At Momentive, we take our responsibility to protect and secure your enterprise information seriously. Security is built-in across our products, infrastructure, and processes. 

We use encryption, access control, and need-to-know processes to ensure proper handling of customer data throughout its lifecycle. Our global Trust & Security team works around the clock to monitor and manage our security posture. They are responsible for security compliance, education, operations, and incident response. 

Data resides on our infrastructure, which is hosted and managed on public clouds. We select public cloud vendors that demonstrate and adhere to rigorous data protection processes. In addition, we perform rigorous security testing and maintain security incident response policies. These processes help us to adhere to 99.9% uptime of our web services. 

One of our most important security strategies is to comply with and expand coverage of the industry regulations that matter to businesses. In addition to our SOC 2 Type 2 certification, we work with multiple third-parties to audit and certify our products with ISO 27001, PCI DSS 3.2, and more. 

View our Security Statement for more details about how we protect data for both our enterprise and individual customers.  

Brent Williams is chief information security officer at Momentive