Cannabis and Data Privacy: SOC 2 Compliance Overview
Flourish Certifies for SOC 2 Type I Standards
The American Institute of Certified Public Accountants developed the Standard Organization Controls (SOC) auditing procedure to help service providers maintain data integrity, security, and privacy while hosting vital information in the cloud. SOC 2 Type I is a point in time audit. SOC 2 Type II demonstrates controls are working over an observation period. Any software provider should be at least SOC 2 Type I (and ideally on their way to SOC II) before you let them help you manage your data.
Flourish Software was evaluated on all 5 of the “Trust Service Principles”, outlined below.
The Flourish seed-to-sale ERP has achieved SOC 2 Type I certification and is going through the observation process to earn our SOC 2 Type II certification. Flourish engaged Aprio's service auditor to verify the suitability of the design and operating effectiveness of our controls to meet this standards.
We're focused on the security of your data, so that you can focus on your business.
Why did Flourish Pursue a SOC 2 Audit?
Flourish powers every part of the supply chain from cutting the first clone to checking out the final retail sale. Our customers demand that seed to sale data is secure and correct. Publicly traded companies in particular must ensure vendors like Flourish are abiding by the highest industry standards when handling this mission critical data. We're rooted in enterprise supply chain software, and thus we've designed our software and internal processes with these standards in mind from the start. As we've grown, it finally came time to engage an auditor and invest in formally certify for SOC 2 standards.
What is covered in the Flourish SOC 2 Type I Report?
-
Reviewed security protocols to protect customer data and personal information
-
Defined controls to prevent unauthorized access to client data and information
- Documented internal processes to ensure data integrity and application stability
Privacy
Our cannabis ERP takes privacy seriously. That’s why all your user information is stored and transmitted in an encrypted state. For storefront environments, we automatically hide sensitive information on-screen to protect your customers while they are checking out.
Security
Security is best managed with a layered approach; at Flourish Software we use security best practices at each step along the path. We employ tools and technologies such as firewalls, VPNs, TLS Encryption and multi-factor authentication to protect our infrastructure and data.
Availability
We know that for our customers, time is money. That is why we have taken extra steps to always be online. We operate our Cannabis ERP out of 3 different datacenters hosted by AWS and can scale with our user’s demands. This extends throughout all of our infrastructure, everything is replicated to ensure that you can always get work done, from seed to sale.
Processing Integrity
The cannabis industry requires tracing and accountability, Flourish Software’s Cannabis ERP meets this need by validating that your data is stored reliably, and you can see all changes to your data.
Confidentiality
Data visibility and confidentiality is an important aspect of a Cannabis ERP Platform and Flourish Software has demonstrated that your data is only visible to the right people by implementing robust role-based access controls for your employees.
The Flourish team is passionate about data security and keeping our platform online at all times to handle our client's needs. We take our clients trust to heart and recognize how mission critical our services are to operations.
Want to see more of the Flourish seed-to-sale ERP in action? Click here to schedule your demo today.