<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=120264438549966&amp;ev=PageView&amp;noscript=1">

Cannabis and Data Privacy: SOC 2 Type II Compliance Overview


Flourish Achieves its SOC 2 Type II Report

The American Institute of Certified Public Accountants developed the Standard Organization Controls (SOC) auditing procedure to help service providers maintain data integrity, security, and privacy while hosting vital information in the cloud. SOC 2 Type I is a point-in-time audit. SOC 2 Type II demonstrates that controls are working over an observation period. Any software provider should be at least SOC 2 Type I (and ideally on their way to a Type II) before you let them help you manage your data. We are thrilled to announce that Flourish Software has achieved and annually renewed a SOC 2 Type II certification since 2020. This accomplishment is a testament to our unwavering commitment to security, data integrity, and the trust our customers place in us.

Flourish Software was evaluated on all 5 of the “Trust Service Principles”, outlined below.   

image via security blvd

Ask your cannabis software platforms if they are SOC compliantAt Flourish, security is at the forefront of everything we do. We understand the critical importance of safeguarding sensitive data and maintaining the highest privacy and compliance standards. Achieving SOC 2 Type II certification demonstrates our dedication to implementing and maintaining robust security controls.

Obtaining SOC 2 Type II certification is no small feat. We underwent a rigorous audit process conducted by Aprio, a leading service auditor. This process evaluated our controls and their effectiveness over an extended period. It involved understanding complex requirements, preparing extensive documentation, and implementing necessary changes to meet compliance standards.

Why did Flourish Pursue a SOC 2 Audit?

Flourish Software's pursuit of the SOC 2 Type II certification was driven by a steadfast commitment to data security, integrity, and privacy. This certification signifies more than just a mark of distinction; it provides our clients with the assurance that their sensitive information is safeguarded according to stringent industry standards.

In the cannabis industry, where compliance with regulatory requirements is crucial, demonstrating robust security measures becomes all the more essential. The SOC 2 audit process has been instrumental in identifying areas for potential enhancement, fortifying our internal controls, and boosting overall system resilience.

We believe that building lasting relationships with our clients hinges on transparency and trust. Our SOC 2 Type II certification is a testament to our determination to uphold these values.

What is covered in the Flourish SOC 2 Report?

  • Security: The report confirms that Flourish has systems in place to protect against unauthorized access (both physical and logical). Security is best managed with a layered approach. At Flourish we use security best practices at each step along the path.  We employ tools and technologies such as firewalls, VPNs, TLS Encryption, and multi-factor authentication to protect our infrastructure and data.   
  • Availability: The report verifies that the systems are available for operation and use as committed or agreed. We never want your point of sale to go down. 
  • Processing Integrity: The report affirms that system processing is complete, valid, accurate, timely, and authorized.
  • Confidentiality: The report validates that information designated as confidential is protected as committed or agreed. This includes how we view the data as well as how we support clients in handling data.

  • Privacy: The report confirms that personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.

Future Plans for Maintaining Compliance

Our journey doesn't end with achieving SOC 2 Type II certification. We continuously strive to enhance our security measures and stay ahead of evolving threats. We are committed to maintaining compliance with industry standards and regulations, ensuring the ongoing protection of our customers' data.

"Achieving SOC 2 Type II for the third year is a testament to our team's commitment to security and the integrity of Flourish's systems. This isn't just an audit. It's how we work." - Colton Griffin, CEO

As a supply chain software provider, we understand the unique needs of our customers, particularly those in the cannabis industry. Publicly traded companies and security-conscious businesses require the highest industry standards when managing their mission-critical data. Our SOC 2 Type II certification reaffirms our position as a trusted partner in the industry.

We are proud to have undergone the SOC 2 audit process, ensuring that Flourish Software meets the highest standards of data security and privacy. Our focus on the security of your data allows you to focus on your business, knowing that your information is in safe hands.

Want to see more of the Flourish seed-to-sale ERP in action? Click here to schedule your demo today.

Book a Demo Today


Download Our METRC Best Practices Guide