Tango Achieves SSAE No. 18 SOC 2 Type 2 Certification
Attestation reaffirms commitment to customers of highest standards in process, controls and procedures
Tango is pleased to announce that they are the first vendor in the Real Estate and Facilities space to successfully complete the new SSAE No. 18 (Statement on Standards for Attestation Engagements), Reporting on Controls at a Service Organization (SOC 2), Type 2 examination. The successful completion validates that the design and operating effectiveness of Tango’s Strategic Lifecycle Management software solution meets the criteria for the security, availability and confidentiality principles set forth in the American Institute of Certified Public Accountants’ (AICPA) Trust Service Principles.
“Organizations should only work with vendors who place data security, availability and confidentiality as a priority,” says Bill Thornton, Tango’s Vice President, Information Security. “Obtaining the higher SOC 2 standard validates the security of our infrastructures and services, and our commitment to developing the industry’s most trustworthy and transparent solution.”
Similar in nature to a Type 1 report, which Tango previously obtained, Type 2 goes further to ensure the controls are described and evaluated, for a minimum of six months, to determine if they are functioning as they are specified by management. An auditor tests the controls and issues an opinion based on the operating effectiveness of the controls. There are five Trust Service Principles, or criteria, that comprise a SOC 2 report: Security, Availability, Processing Integrity, Confidentiality and Privacy.
“The meeting of the SOC 2, Type 2 standards for both our data center and our application in conjunction with the third-party verification of our lease accounting solution having met the new FASB and IFRS standards means that Tango is the only independently verified vendor in the space,” explains Pranav Tyagi, President & CEO of Tango. “Achieving these standards reassures our customers and their auditors that we not only have controls in place, but we can follow their controls as well and safeguard their sensitive information.”