At Spiff we see Security and Privacy as a combined “Trust.” We believe this Trust is established and upheld by the following six pillars:
- Security, including Operations, Corporate Product, Customers, Production, Automation, Red Team / Blue Team, and Compliance
- Quality Management Systems, including Quality of Standards, Quality of Certifications, and Quality of Training
- Data Protection, including Data Privacy, Privacy by Design, Privacy Impact Analyses, and though leadership operations around data scanning, data hygiene, data loss prevention, data retention, and data deletion
- Risk and Assurance, including Internal Auditing (more than just security), Enterprise Risk Management, Business Continuity, Disaster Recovery, and 3rd Party Risk Assessments and Management
- Office of Governance and Project Management, tracking operational excellence and metrics
- Customer Advocacy and Go To Market Enablement
Spiff is happy to share that we have SOC 1 Type II and SOC 2 Type II attestation reports that we would love to share with you. If you would like to review these, please fill out this form and we will be in touch shortly.