Podio Service Organization Control (SOC) 2 Report
A SOC (System and Organization Control) report is designed to help Podio build trust and confidence in the service performed and controls related to the service through a report by an independent assessor.
The SOC 2 report is used to display the controls that a service provider has in place. The report is intended to provide detailed information and assurance about the controls at a service organization relevant to processing users’ data and keeping that data private and confidential. The SOC 2 touches on three (3) overall Trust Principles that a cloud provider can choose to report on. These include:
- Security: protecting against unauthorized access or changes.
- Availability: ensuring it will be up and running as needed.
- Confidentiality: information in the system is properly protected.
The Podio SOC 2 attestation reports are issued by an outside auditor, whose role is to assess the extent to which we comply with our selected Trust Principles based on the systems and processes in place.
You can find Podio certification details on Cloud Software Group (CSG) Trust Center
Podio's SOC 2 Type II report is available upon request.
- Users with existing MyCitrix account: Login to MyCitrix account to access reports from Portal
- Users without existing MyCitrix account: Please contact your sales representative or contact Podio support team to request for the report
Coming soon: A new ShareFile/Podio Trust Center to easily request product certification reports!
Here are some key elements about security at Podio:
- Customer-uploaded data is hosted through Amazon Web Services in Dublin
- HTTPS Encryption on all data between the Podio service and the client web browser. Login without encryption is non-optional. Podio servers are firewalled and only those services which are required to be running are listening. Connections between servers are made using encrypted secure tunnels
- Podio employees do not access customer uploaded data in Podio without prior customer consent.
- No super-user account exists in the organization. All accounts are private to each individual user
- Cloud Software Group Trust Center and GDPR details: https://www.cloud.com/trust-center/privacy
- All data is backed up nightly and copied to another off-site location
- Access all your uploaded data programmatically via the Podio API: https://developers.podio.com/
- Multiple client libraries available
- Import/export data or connect external services to Podio via the API
- Regular security audits are carried out by internal security team
Reporting a product security vulnerability
If you believe you have discovered a potential security vulnerability related to Podio or any other ShareFile product or service, please ‘Report a security issue’ at the Cloud Software Group Trust Center.
Our Security Whitepaper is attached - please see this for additional information.