Gem Receives SOC 2 Type II Certification

We’re excited to announce that Gem, the platform for modern recruiting, has received its SOC 2 Type II compliance certification.

San Francisco, CA - April 23, 2020. We’re excited to announce that Gem, the platform for modern recruiting, has received its Service Organization Control (SOC) 2 Type II compliance certification. SOC 2 is a deep external audit, delivered in a detailed final report, that closely examines a company’s information systems to ensure they meet five principles of trust established by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC 2 certification is awarded to businesses who demonstrate their ability to meet the institute’s high standards in each of those categories. The certification underscores Gem’s commitment to safeguarding customer data—and their candidates’ data—over time.

“One of Gem’s founding core values is customer-centricity,” says Gem’s CEO Steve Bartel. “For us, this translates directly into a commitment to protecting customer data. The thousands of recruiters on our platform have already created 2.6 million candidate profiles; and it’s our responsibility to safeguard both the privacy and the security of those folks—both the talent teams who are using Gem for more efficient hiring flows and better candidate experiences, and the talent whose data Gem is capturing. Everyone who touches our platform should feel, and know, that their information is secure.”

The SOC 2 Type II certification is one of many privacy and security measures Gem has incorporated into its infrastructure, but this latest one is very exciting. We’ve been GDPR compliant from our very first product iterations, and we became certified as compliant with SOC 1 last year. SOC 2 Type I assesses whether a business’ systems and design meet the 5 trust principles at a specific point in time, while Type II attests that they met them over a six-month minimum period. In other words, there’s a rigorous historical element—and proof of continued commitment—to Type II.

Gem’s SOC 2 Type II examination was performed by Barr Advisory, facilitated by Vanta, and our certification as compliant began yesterday, April 22. For each of the security criteria mapped to Gem’s controls over the course of the audit, no exceptions in the controls were noted.SOC 2 Type II is an important industry standard, verifying that Gem’s current and future customers can be confident about their data security and integrity.

A huge shout-out to David Dold, our Head of Compliance, who put many, many hours into this certification over the past 6 months. We'd also like to thank Vanta for helping to simplify and automate many of the controls and policies required to complete the audit. Implementing their platform is a large part of what enabled us to become certified so quickly. Gem will continue to align its data practices with the most current accreditations and certifications. For the most current information on our data protection practices, please visit our Privacy Policy, our GDPR Overview, and our Security Page.