Molecule is SOC-1 Type 2 and SOC-2 Type 2 Certified
We are proud to announce that Molecule has achieved SOC-1 and SOC-2 certifications, both against the more difficult Type 2 Standard.
While these certifications have given us an opportunity to show off our design prowess,
they also validate that Molecule meets or exceeds SaaS company best practices.
If you're not familiar with SOC 1 and 2 certifications, here's why this matters.
You can have peace of mind and trust Molecule because an independent auditor has reviewed our business operations.
When the American Institute of Certified Public Accountants (AICPA) created these protocols, they set benchmarks related to five areas: privacy, confidentiality, security, availability, and processing integrity.
The process to complete these certifications, especially to meet the requirements for the Type 2 designation, involved detailed questionnaires, data requests, and other inquiries.
Our auditor reviewed internal policies, including cloud security and employee satisfaction. We have demonstrated, to a third-party that is an AICPA firm, that we have systems and controls in place to protect customer data. Here are some of the types of controls they look into:
- Two-factor authentication and usage of SSO
- Employee background checks and annual performance reviews
- Our organizational chart, internal control matrix, and employee job descriptions
- Performing third-party risk assessments
We worked with Tugboat Logic to facilitate these certifications, and we appreciate the support they provided our team.
When companies are trading energy, commodities, or even crypto assets, the data they share with their ETRM/CTRM software provider is highly sensitive. We strive to bake as much security into our platform as possible and update these measures frequently. This is one of the many benefits that our customers get from using a cloud-based ETRM/CTRM.
We do some wacky things to protect our customers. For example – while some of our customers are comfortable sharing their identity, we know that not everybody is. This is one of the main reasons we created our code name and mission badge system for Molecule customers. As Sameer says:
Since Day 1, we've built our platform, and our company, with integrity at its core. But, integrity can feel ethereal and difficult to prove. These certifications validate that our internal policies meet or exceed industry best practices. - Sameer Soleja, Founder & CEO, Molecule
You can learn more about Molecule's security protocols for our ETRM/CTRM software on our website.
We encourage anyone considering implementing an ETRM/CTRM to talk to software providers about their credentials. We are also happy to answer any questions you have about the Molecule platform. Feel free to reach out to us at info@molecule.io.