Company News

TUNE Earns SOC 2 Type II and SOC 1 Type II Certification

Blake Harps

TUNE’s Platform and Payments Systems Earn SOC 2 Type II and SOC 1 Type II Certification

Affiliate marketers live and die by their data. Conversion details, credit card numbers, contact information — it all flows through the performance ecosystem, every second of every day.  

At TUNE, we respect the responsibility that comes with this data. We also recognize how important it is to our customers to ensure it is accurate, secure, and confidential.  

We are therefore pleased to announce TUNE has completed another successful audit of our system and organization controls, assuring the availability, processing integrity, security, confidentiality, and privacy of customer data. This latest audit marks the fifth consecutive year TUNE has earned SOC 2 Type II certification, and the third consecutive year TUNE has earned SOC 1 Type II certification. 

SOC 2 Type II Certification Defined 

SOC stands for System and Organization Controls, a suite of services provided as part of the American Institute of CPAs’ (AICPA) reporting platform. 

In layman’s terms, SOC 2 audits examine and evaluate the operational controls of a business. They require a company to document and comply with comprehensive information security policies and procedures, among other responsibilities. The resulting report gives interested parties the information and insight needed to make a decision about working with that business.  

From the AICPA website

“SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.” 


SOC 1 Type II Certification Defined 

SOC 1 audits focus on user entities, testing their relevant internal controls over financial reporting system design and operating effectiveness. We see the feedback loop from periodic third-party reviews such as these, especially when they address both the TUNE platform and TUNE Pay, our payments system, as the best way to enhance our current product and operations. 

To earn a Type II report, a company must undergo testing over an extended period of time. (Type I reports test only a single moment in time.) TUNE’s usual audit period for SOC 2 and SOC 1 covers 12 months, demonstrating our ongoing effort to uphold the Trust Services Principles

Starting with our first audit, we have always voluntarily pursued the more demanding and comprehensive Type II report, rather than the Type I report. Type II reports for both audits signal that our customers can expect high standards across TUNE’s operational, data security, and privacy practices, as well as stringent change management controls throughout our software development life cycle.

Our Commitment to Quality 

Using an independent third-party to audit these controls is an investment companies do not take lightly. A SOC audit is, by its nature, an invasive, arduous process designed to compel a company on a variety of levels, requiring active employee engagement and diligence across a broad swath of the organization. It’s a process we are proud to undertake. 

As with our prior SOC audits, TUNE’s auditors determined that our controls were effectively designed and followed throughout the audit period. We intend to sustain our investments in customer-centric compliance in the years to come.

Relevant portions of both reports are available upon request to [email protected] for TUNE customers as well as prospects under a current non-disclosure agreement. 

Blake Harps

Blake Harps currently serves as TUNE’s Director of Engineering. Having started as TUNE’s first Database Administrator in 2011, Blake brings a passion for building reliable and scalable software to the organization. Based in Seattle, you can find him eagerly awaiting snowfall in the Cascades, lining up to get first tracks at Crystal Mountain.