TaxJar achieves SOC 2, Type 2 compliance after independent audit, demonstrating commitment to data security

by Dan Brockley March 18, 2021


TaxJar handles sensitive data for more than 20,000 businesses as well as a host of technology partners, and ensuring that this data is secure is a top priority for the company. To verify the integrity of the company’s controls and safeguards, TaxJar recently underwent a rigorous, voluntary year-long SOC 2, Type 2 audit completed by the independent CPA firm Shellman & Company. This evaluation extended the SOC 2, Type 1 audit that TaxJar underwent in February 2020 (a point-in-time review) over a period of a full calendar year, to test the consistency and resiliency of its systems over time. Both audits were successful, finding TaxJar’s data security controls to be at the highest level.

“SOC” stands for “System and Organization Controls” under the American Institute of Certified Public Accountants (AICPA) and is widely recognized as the gold standard for data security.

“Securing our customers’ data has always been a top priority for TaxJar, but as we increasingly serve larger, more complex customers and partners, it was important to us to have independent experts evaluate our controls,” said Jennifer Carati, TaxJar’s Head of Information Security. “The SOC 2, Type 2 assessment demonstrates our commitment to security and integrity as well as our ability to scale our operations safely.”

More than 15 billion records were exposed globally in 2019, according to RiskBased Security. With nefarious actors getting ever more sophisticated in their approaches to data theft, security is foremost on the minds of eCommerce businesses and technology partners. SOC 2 Type 2 compliance gives customers a higher level of assurance, because the auditors test that the controls are operating effectively over a 12-month period, rather than a discrete point in time.

The SOC 2 audit evaluates a variety of controls, including:

  • Access restriction to critical systems 
  • Employee password and workstation security
  • Data encryption and loss prevention
  • Disaster recovery and business continuity 
  • Incident response and breach notification process 
  • Vendor management process, including security and ongoing monitoring
  • Application and infrastructure breach testing

To ensure that TaxJar maintains its high standards of data security, the company will be re-evaluated for SOC 2, Type 2 compliance yearly by an independent CPA firm, and will make these reports available to current and prospective customers.

