
Why SOC Compliance Matters



We know the complexities that come with operating a cannabis business, and that’s why you need the highest-skilled IT partners in the industry to maintain compliance, successfully audit your financial data, and increase your revenue year-over-year. 

Asking your software providers if they are SOC Type 1 or SOC Type 2 certified indicates the kind of service quality you’ll be receiving from that provider. At the very least, you need to find a SOC Type 1 certified software provider, ideally moving towards a SOC Type 2 certification or already there. 

What do SOC Type 1 and Type 2 mean?

Don’t know what SOC Type 1 or Type 2 means? It’s not too complicated, but it’s definitely important to learn the difference so your business succeeds. First, SOC in this sense means “service organization control” and it’s a certification for certain service providers specifically. SOC certifications examine companies like Flourish Software in-depth, basically auditing the way we handle business to ensure we are protecting our clients’ software and data. 

There are three different main branches of SOC, just referred to as SOC 1, 2, and 3, and SOC 2 is what we’re referring to in this article. SOC 2 certifications are relevant for service providers involved with processing integrity, security, availability, confidentiality, or privacy, which are vital to the cannabis space. 

SOC 2 Type 1 certifications describe procedures and other variables at a certain point in time, while SOC 2 Type 2 audits observe controls and systems over a specified amount of time. This allows a more in-depth audit and gives the experts a greater chance of catching anything we might be doing wrong, as well as reaffirming the number of ways we keep our clients safe.

Flourish Software’s commitment to data integrity

Flourish Software is proudly SOC 2 Type 2 certified. 

These categories are important in any space, but in a high-risk industry like cannabis, they’re crucial. Dispensary consumers are entitled to privacy when it comes to their personal data, for example, and a SOC 2 Type 2 certification ensures your software provider is correctly safeguarding that data.

Our software fuels the cannabis supply chain, from seed to sale, so there are many opportunities for privacy breaches, inaccurate reporting, and unstable software that this certification helps prevent. Unfortunately, cannabis is considered to be a high-risk industry; it appeals to hackers and those looking to access what cannabis businesses have to offer, whether it’s data or products. This means the cannabis industry is no stranger to security and data breaches, so securing the right software provider shouldn’t be taken lightly.

Cannabis data breaches happen, but they’re preventable

One of the most recent breaches happened in January of this year. THSuite, a cannabis point-of-sale system, unintentionally leaked more than 85,000 files from dispensaries across the United States, including more than 30,000 records containing consumers’ personal information. The problem? The data was kept in an unsecured and unencrypted Amazon S3 bucket owned by THSuite and included consumers’ full names, addresses, emails, birthdays, and even purchasing details like what they purchased, how much, and when.

This is exactly why Flourish Software secures your data in an encrypted state. THSuite’s breach could have been prevented with just a little more data protection. Our software also utilizes other protective tools, such as VPNs that encrypt your internet traffic and keep it private, firewalls, and multi-factor authentication, to protect your customers’ data. If you’re a dispensary, we can hide sensitive information on-screen while your customer checks out.

The data breach at THSuite is a perfect example of why “just anyone” can’t provide your highly sensitive cannabis business with software and data-storage services. Stepping away from the consumer-facing dispensary environment, your cultivation operation contains proprietary secrets at risk of exposure without proper protection. Imagine your plants’ daily nutrient regimen, your daily, monthly, and annual yields, your patented genetics and processes, high-profile customer invoices, and your staff’s personal information and salaries being released into the cloud and accessible to anyone who wants them.

It’s a nightmare situation for any business, but it’s especially detrimental in the cutthroat and competitive cannabis industry.

We’re staying online so you can keep moving

The U.S. cannabis market is worth $61 billion. For you, time is money and we know that. Whether you’re processing thousands of pounds or thousands of dollars, Flourish Software takes the extra steps to always be online, up and running so you can keep up with demand. Our cannabis-specific enterprise resource planning (ERP) operates from three different data centers hosted by Amazon Web Services. 

Before you partner with that snazzy-looking software provider


  1. Are you SOC 2 Type 1 or Type 2 Certified or are you working towards Type 2?
  2. Have you ever experienced a privacy breach? If so, how’d you remedy the situation? 
  3. What guarantees do you offer me as a client to protect my sensitive information?

Ready to partner with us and secure your data? 
