Metrc is Officially SOC2 Compliant
The American Institute of Certified Public Accountants (AICPA) developed Service Organization Control 2 (SOC 2) as a component of its Service Organization Control reporting platform. SOC 2 is a technical auditing process and certification to assist service providers in managing data securely while providing assurance to customers that their data is being properly managed.
Maintaining stringent safeguards around consumer privacy and the security of licensee data is of paramount concern to everyone at Metrc. When a business is SOC 2 compliant, it means they are implementing proper security systems around five essential Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy of customer data.
Metrc has committed itself to pursuing the highest industry standards for security across the entire organization. Having an SOC 2 badge on the Metrc website is emblematic of Metrc’s dedication in keeping its customer data private and secure.
A Veracode Verified Standard represents that the following application security practices are embedded into the software development process:
- Assessment of first-party code using static analysis
- Documentation that the application does not allow Very High flaws in its first-party code
- Developer access to remediation guidance Verified Standard is the first of three (3) tiers representing the Verified program.