Kruze clients are twice as likely to get acquired as the average startup.  Find out why here

Security

Kruze Consulting is dedicated to keeping our client’s finances and accounting data safe and secure. 

SOC2 monitored by Drata

Security at Kruze

Kruze Consulting utilizes enterprise-grade best practices to protect our customers’ data, and works with independent experts to verify its security, privacy, and compliance controls, and has achieved the SOC 2 Type 1 report against stringent standards.

In addition to SOC 2 compliance, we background check all new employees, regularly train our team on how to keep their equipment and passwords secure, and use a 3rd party security expert to monitor our employee’s laptops for security vulnerabilities and configuration issues. 

SOC 2 Report

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers’ data.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Continuous Security Control Monitoring

Kruze Consulting continuously monitors 100+ security controls across the organization. Automated alerts and evidence collection allows Kruze Consulting to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests

Kruze Consulting works with industry leading security firms to perform annual network and application layer penetration tests.

Secure Software Development

Kruze Consulting utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption

Data is encrypted both in-transit and at rest.

Background Checks

Every Kruze Consulting employee goes through a rigorous screening process, including multiple interviews and a background check.

Vulnerability Disclosure Program

If you believe you’ve discovered a bug in Kruze Consulting’s security, please get in touch at kruzevdp@kruzeconsulting.com. Our security team promptly investigates all reported issues.

  Talk to a leading startup CPA