Purpose

Purpose

When we integrate with third-party vendors (e.g., Workday, Salesforce, Stripe, AWS, GCP, Slack), we inherit some security and compliance risks.
To reduce these risks and meet SOC 2 and customer obligations, we require that critical vendors maintain industry-recognized security certifications and frameworks.

Why this matters

• Trust & Assurance → Certifications prove the vendor is audited against strong security standards.
• Customer Confidence → Enterprise customers often ask about our vendor risk management.
• Shared Responsibility → Even if AWS/Workday handles infrastructure, we must prove they meet compliance.