Innovation requires trust. In the era of AI and advanced cyber threats, your software supply chain is only as strong as its weakest link. We refused to be that link.
Today, we are thrilled to announce that we have achieved both SOC 2 Type 2 and ISO 27001 certifications. This places us in an elite group of only 6 PRM providers globally to hold this dual standard of security.
To our customers across the Technology and AI sectors: We know that "good enough" security doesn't cut it anymore. You need proof. You need rigor. You need a partner who treats your data with the same seriousness that you do.
Here is what these certifications mean, and why they are critical for your partner ecosystem.
SOC 2 Type 2
Data security has moved from a "nice to have" to a critical workflow requirement for enterprise software. While many vendors stop at SOC 2 Type 1 (which is just a point-in-time snapshot), we committed to Type 2.
A SOC 2 Type 2 report is an independent audit of how we store and manage customer data, based on the AICPA’s 5 Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy.
Unlike a simple checklist, our Type 2 audit involved a rigorous observation period of 6-12 months. Auditors didn't just ask if we had rules; they tested them. They examined everything from our access controls and software development life cycles to our vendor risk management.
What this means for you:
SOC 2 is effectively a "customer trust tool." It provides granular details on every aspect of our audit, including the auditor's opinion and the specific tests performed. For IT teams and Channel Operations leaders, this certified data security means one less administrative headache. You have third-party verification that our controls are operationally effective every single day, allowing you to scale your partner fleets with confidence and significantly less paperwork.
ISO 27001: The Global Management System
If SOC 2 is the proof of practice, ISO 27001 is the global blueprint.
ISO 27001 is the internationally recognized gold standard for Information Security Management Systems (ISMS). While SOC 2 is flexible—allowing organizations to select specific controls—ISO 27001 is comprehensive and prescriptive.
It requires us to implement a rigid set of 93 controls (Annex A) covering people, organizational, technological, and physical security. It validates that we have:
- A documented system for proactively identifying and reducing risks.
- Strict controls for data access, encryption, and incident handling.
- An ongoing program of monitoring and improvement based on the Plan-Do-Check-Act (PDCA) cycle.
What this means for you:
While SOC 2 is the standard for North American SaaS, ISO 27001 is the global language of security. It ensures that no matter where your partners are located, our security governance isn't just a policy—it is a mature, international standard built into the very architecture of our platform.
Why Dual Certification is Critical for PRM
You might be asking: Why do I need my Partner Relationship Management software to be this secure?
PRMs are unique. Unlike internal tools that sit safely behind your firewall, a PRM is a bridge between your internal data and the outside world. Here is why this dual certification is non-negotiable for modern partner ecosystems:
1. The "Gateway" Risk
Your PRM is often integrated directly with your CRM (Salesforce, HubSpot, etc.) and your ERP. If a hacker compromises a PRM, they often gain a backdoor key to your internal systems. By holding both certifications, we secure that gateway with the highest possible standards.
2. Sensitive Revenue Data
PRMs house your Deal Registration data. This is literally your revenue roadmap—containing customer names, deal values, and pricing strategies. This is high-value data that competitors or bad actors would pay to access. We protect the commercial interests of both you and your partners.
3. Supply Chain Integrity
In the age of AI and supply chain attacks, hackers target vendors to get to the "big fish." By achieving the same security clearance as the enterprise clients we serve, we ensure the chain remains unbroken.
Our Promise
Holding one certification is good. Holding both places a vendor in the top 1% of security maturity.
By combining the rigorous proof of practice (SOC 2 Type 2) with a world-class management framework (ISO 27001), we offer total peace of mind. It signals zero compromise on data governance when scaling your partner ecosystems.
This is our promise to you: We will continue to build the world's best PRM, on the world's safest foundation.
Need the details?
You can access our Trust Center to view our certifications or request our full security packages.
Frequently Asked Questions
While SOC 2 Type 1 is a point-in-time snapshot of a vendor's security design, SOC 2 Type 2 is a rigorous audit of operational effectiveness over a period of time (usually 6-12 months). For Partner Relationship Management (PRM) software, Type 2 is critical because it proves that security controls—like access management and data privacy—are actively working every day to protect sensitive partner data, rather than just being a theoretical policy.
SOC 2 is the standard for North American SaaS, but ISO 27001 is the internationally recognized "gold standard" for information security management. Having both certifications ensures a PRM vendor meets global compliance needs. ISO 27001 provides a comprehensive framework (ISMS) for managing risks across people, processes, and technology, making it essential for companies scaling their partner ecosystems into international markets like Europe and Asia.
Secure PRM software protects partner data by implementing rigorous controls verified by audits like SOC 2 Type 2 and ISO 27001. These controls include encryption, strict access governance, and vendor risk management. This prevents "Gateway Risk," where hackers exploit a PRM to access connected internal systems like CRMs (Salesforce) or ERPs, ensuring that sensitive deal registration data and customer leads remain confidential.
"Gateway Risk" refers to the vulnerability where attackers target a third-party vendor—like a PRM platform—to gain a backdoor entry into a company's core internal systems. Since PRMs integrate deeply with CRMs and ERPs, an unsecured PRM can act as a bridge for cybercriminals. Choosing a dual-certified (SOC 2 + ISO) vendor eliminates this weak link, securing the connection between external partners and internal data.
Achieving both certifications is resource-intensive and difficult. It places a vendor in the top tier of security maturity (currently, only about 6 global PRM providers hold both). It requires passing independent audits that test hundreds of controls, from physical security to software development lifecycles. Dual certification signals a vendor's absolute commitment to data governance, differentiating them from competitors who rely on "good enough" security measures.

