Broadsign achieves SOC 2® Type 2 compliance: Here’s why it matters

July 21, 2022Quinn Mason

At Broadsign, keeping our customer data secure will always be a top priority. It’s why we’re committed to ensuring that our controls, policies, and procedures meet the highest standards and continue to evolve as our business grows. Broadsign has successfully completed another key milestone on our information security roadmap by achieving compliance with SOC 2 Type 2—widely regarded as a gold standard for information security. Read on to find out more about this globally recognized security accreditation and the value it brings to our clients and partners.

Why SOC 2 compliance matters in 2022

It’s official: data is now the most valuable asset in the world, ahead of oil, according to the Economist. It can help your company meaningfully engage with customers, make informed business decisions, and gain a competitive advantage. First-party data is especially significant in the digital signage space, where it has become an integral part of dynamic DOOH campaigns and a prerequisite for enabling programmatic selling. But as the value of organizational data has grown, so too have the security risks. Attacks targeting cloud resources are on the rise, and enterprises need help understanding which cloud-based service providers they should consider working with to ensure their sensitive data stays secure. That’s where SOC 2 certification comes into play.

SOC 2 compliance is a voluntary step taken by Broadsign, as a SaaS and cloud-computing vendor, to provide added trust and assurance to protect its customer’s data in the cloud. Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (which stands for “System and Organization Controls” 2) evaluates the internal systems and security controls a tech service business uses to protect customer data in the cloud. As digital threats continue to evolve and cybersecurity remains a top business challenge in 2022, SOC compliance has become a gold standard to ensure organizations are adhering to best practices when securing sensitive internal and customer data. Having a SOC 2 report is a badge of trust and an important step in providing our customers with added peace of mind.

What SOC 2 means for our customers

At Broadsign, data security has always been a top priority for both ourselves and our customers. We successfully completed a SOC 2 Type 1 audit back in 2017 and updated our report to include proof-of-play and campaign performance information after undergoing a second independent audit the year after. This time around, we worked with independent consulting firm KPMG to perform an audit of our policies and procedures and achieve SOC 2 Type 2 compliance—further reinforcing our ongoing commitment to security within our digital signage platform. 

While our security protocols have always been incredibly rigorous, it is our priority to always meet the highest possible security standards. DOOH network owners around the world rely on us to help buy, sell, and deliver out-of-home media, and that means they trust us with their confidential customer data. A SOC 2 certification provides added assurance to our clients and partners and opens the door to prospective enterprises with more stringent regulations around security and compliance requirements. In short, achieving SOC 2 compliance proves our commitment to continually assessing our compliance and data security measures to ensure the highest standards are never compromised—and it should give your company the confidence to choose Broadsign as the most trusted and secure DOOH platform on the market. 

“It’s gratifying to achieve the rigorous SOC 2 Type 2 audit at the same time that we continue to enhance our digital offerings. With this attestation, our aim is to enhance the established trust and assurance we have with our customers by undergoing one of the highest forms of independent assurance available in the marketplace today. We’re extremely proud of the entire Broadsign team who worked – and continue to work – tirelessly to achieve and sustain this certification.”

Joe Cotugno, Sr. Vice President International Operations

What’s involved in the SOC 2 certification process?

According to AICPA standards, a SOC 2 audit must be completed by a third-party auditor. The auditor assesses the extent to which a cloud-based service provider’s systems and processes comply with one or more of SOC’s five trust principles, referred to as Trust Services Criteria (TSC): Security, Privacy, Confidentiality, Processing Integrity, and Availability.

What sets SOC 2 apart from other security certifications is that it lets each business decide how best to implement the SOC 2 framework according to their own objectives and operations. It’s not a prescriptive list of controls, processes, or tools. Instead, the auditor evaluates how well a business has implemented controls relevant to the selected TSC criteria and gives their opinion of overall effectiveness for:

  • the design of a company’s security program (SOC 2 Type 1) 
  • the execution of the program over a period of time (SOC 2 Type 2)

The auditor then compiles their opinions and findings into a report (the SOC report) that’s unique to each business and can be used to assure customers of the steps taken to manage their data. 

Building on our previous SOC 2 Type 1 certification, SOC 2 Type 2 is a more rigorous audit that evaluates the execution of an organization’s security program over a period of time. As a result, our successfully completed SOC 2 Type 2 audit is more in depth review of the ongoing state of our cloud security. For more information, contact your Broadsign representative.