Announcing Oyster’s SOC 2 compliance

Learn about Oyster's high security standards.

A remote worker holds a paper while staring intently at his laptop screen.

As a global employment partner for companies worldwide, Oyster is entrusted with customer and Team Member data as part of its routine operations. Since we store and manage important and sensitive information, protecting and safeguarding that data is something we take very seriously, so that we can keep the trust that our customers and Team Members have placed in us.

At Oyster, we are committed to following the highest standards of data security. That’s why we’re delighted to announce that we’ve successfully completed our System and Organization Controls (SOC) 2 Type II compliance audit, which certifies that our systems and controls meet the criteria of a respected global standard of information security.

What is SOC 2 compliance?

The SOC 2 framework is a globally recognized informational security standard developed by the American Institute of Certified Public Accountants (AICPA) for companies that provide cloud-based services. It defines a rigorous set of criteria based on five trust services principles: security, availability, processing integrity, confidentiality, and privacy. 

In other words, the SOC 2 standard governs the way data is collected, accessed, used, stored, managed, transmitted, and protected from unauthorized access or improper use.

Why does SOC 2 compliance matter? 

SOC 2 compliance is important because it ensures that companies providing cloud-based software services have effective data security policies, processes, and controls in place to safeguard customer data from cybersecurity risks.


When evaluating vendors, one of the things customers often look for is whether the company has a strong foundation of information security. In fact, some organizations expect and require SOC 2 compliance as a precondition for doing business because it attests to the trustworthiness of the services provided by the company. It’s commonly used to assess the risks associated with outsourced software solutions that store customer data online.


To demonstrate SOC 2 compliance, a company’s security systems, policies, and processes are examined by an independent, third-party audit firm, which then issues an audit report. The report is a rigorous assessment of the design and effectiveness of the company’s security controls.

Oyster’s SOC 2 audit

We’re delighted to share that Oyster has successfully completed a SOC 2 Type II audit, performed by Sensiba San Filippo, a certified, third-party accounting firm. The report demonstrates that Oyster has built a strong foundation of internal controls.


A SOC 2 Type II report describes a service organization’s systems and whether the design of specified controls meets the relevant trust services categories at a particular point in time. This audit confirms that our processes and policies have been found to ensure and protect a safe data environment. More specifically, it means that:

  • Our data is secure against unauthorized or inappropriate access, use, changes, deletions, additions, or disclosures.
  • Our data is available and accessible for ongoing business operations.
  • Our data processing systems ensure integrity, accuracy, and validity.
  • We ensure the protection of confidential and business-critical data.
  • We ensure privacy of personal and identifiable information.

A continued commitment to data security

At Oyster, we are proactive about staying ahead of cybersecurity risks, and our SOC 2 Type II audit demonstrates our commitment to excellence in information security. Our customers can be sure that they and their Team Members are in good hands, and their data is safe and protected.

Table of Contents

Additional Resources

Discover more
No items found.
Text Link