Gem Receives SOC 2 Type II Certification
San Francisco, CA – April 23, 2020. We’re excited to announce that Gem, the platform for modern recruiting, has received its Service Organization Control (SOC) 2 Type II compliance certification. SOC 2 is a deep external audit, delivered in a detailed final report, that closely examines a company’s information systems to ensure they meet five principles of trust established by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. SOC 2 certification is awarded to businesses who demonstrate their ability to meet the institute’s high standards in each of those categories. The certification underscores Gem’s commitment to safeguarding customer data—and their candidates’ data—over time.
“One of Gem’s founding core values is customer-centricity,” says Gem’s CEO Steve Bartel. “For us, this translates directly into a commitment to protecting customer data. The thousands of recruiters on our platform have already created 2.6 million candidate profiles; and it’s our responsibility to safeguard both the privacy and the security of those folks—both the talent teams who are using Gem for more efficient hiring flows and better candidate experiences, and the talent whose data Gem is capturing. Everyone who touches our platform should feel, and know, that their information is secure.”
The SOC 2 Type II certification is one of many privacy and security measures Gem has incorporated into its infrastructure, but this latest one is very exciting. We’ve been GDPR compliant from our very first product iterations, and we became certified as compliant with SOC 1 last year. SOC 2 Type I assesses whether a business’ systems and design meet the 5 trust principles at a specific point in time, while Type II attests that they met them over a six-month minimum period. In other words, there’s a rigorous historical element—and proof of continued commitment—to Type II. Gem’s SOC 2 Type II examination was performed by Barr Advisory, facilitated by Vanta, and our certification as compliant began yesterday, April 22. For each of the security criteria mapped to Gem’s controls over the course of the audit, no exceptions in the controls were noted.