Keeping your data safe is our top priority at Karbon. Nothing else is more important. Our platform is built from the ground up to protect your information and provide you with complete control over what is yours.
This is why we are so proud to announce that we have successfully completed a SOC 2 Type 2 examination. The SOC 2 Type 2 report that we have now received certifies that the Karbon application complies with best practices for security, availability, and confidentiality according to standards set by the American Institute of Certified Public Accountants (AICPA).
A Systems and Organization Controls (SOC) report is a report describing the design and operation of internal controls (i.e. systems, people, procedures, and processes) performed by a service organization.
SOC reports are issued by a Certified Public Accountant (CPA) to provide an independent, non-bias opinion on the state of internal controls of a service organization (such as Karbon) for a defined period of time. A SOC report provides valuable information to management of a service organization and the users of the services provided by a service organization.
The CPA’s opinion within a SOC 2 report communicates assurances about internal controls within our company and how these internal controls support our ability to deliver our service commitments—our “guarantees” that we provide to customers and users of the Karbon app. The service commitments include:
Security: Our commitment to maintaining appropriate security within the Karbon system
Availability: Our commitment to maintaining the continued operation and availability of the system.
Confidentiality: Our commitment to protecting the sensitivity and confidentiality of the information collected, processed, and stored within the system
The receipt of a SOC 2 Type 2 report communicates that we have performed the necessary procedures to provide a secure and functional web application, while protecting the confidentiality of the data we collect, process, and store in connection with your use of our system.
In addition to the receipt of our SOC 2 report, we have received a SOC 3 report. A SOC 3 report is similar to a SOC 2 report, however, it includes a summary of information that is included within the SOC 2 Type 2 report and is intended for general use purposes.
Our SOC 3 report includes a detailed description of the Karbon Accounting Work Management System and an overview of the internal controls that support our service commitments for security, availability, and confidentiality.
If you are a customer and would like to receive a copy of our full SOC 2 Type 2 report, please contact your customer support or sales representative.
Chief Information Security Officer, Karbon
Christopher Johnson is the Owner and Managing Director of Johnson Risk Advisory Services and also acts as Karbon's CISO. He has over 8 years of experience including big four assisting companies with internal controls, information security, and data protection, and specializes in SOC examination services.