SparkPost Earns SOC 2 Type II Certification

Email API Service meets the Strict Information Security and Privacy Standards for the Handling of Sensitive Data

SparkPost, a cloud email API service preferred by leading internet and technology companies, today announced that it has been awarded with the Service Organization Control (SOC) 2 Type II certification that covers all of its facilities, business processes, and cloud services. This certification confirms that the SparkPost platform meets the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA).

The certification review period was conducted between January thru October, 2017 by independent auditing firm Coalfire.

The AICPA designed the SOC report to provide potential and existing customers of companies, like SparkPost, confirmation that their internal controls are appropriately designed and operating effectively to reduce the risk of a significant error, omission or data loss by the service organization.

The AICPA provides five different Trust Service principles that a service organization may opt to be evaluated against as part of a SOC 2 Type II examination. SparkPost selected to be reviewed against the following principles:

  • Security— The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
  • Availability —The system is available for operation and used to meet the entity’s commitments and system requirements.

Receiving the SOC 2 Type II certification proves that SparkPost has the appropriate security controls in place to ensure the security and availability of customer data. The certification covers the company’s physical facilities, business processes, and the SparkPost cloud-based service hosted on the Amazon Web Services (AWS) environment.

“This certification is critical to our ability to maintain the trust our customers place in us by demonstrating our commitment to protecting their sensitive and confidential information,” said Steven Murray, chief information security officer (CISO) at SparkPost. “The voluntary certification process was a massive interdepartmental effort that consumed more than 700 hours, and is a testament to the care with which we treat our customers’ data.”

About SparkPost
SparkPost is the world’s #1 email delivery provider. Our customers—including Pinterest, Twitter, Intercom, LinkedIn, Zillow, and Comcast—send over 3 trillion messages a year, more than 25% of the world’s non-spam email. Our platform delivers any application’s emails on time and to the inbox, with the performance, deliverability, flexibility, and analytics product development teams need to drive customer engagement and growth. Follow us on Twitter @SparkPost or go to