Assembly is now SOC 2 Type II compliant

We’re proud to announce that Assembly has successfully completed a Service Organization Control (SOC 2®) Type II examination.

March 24, 2021

Our SOC 2 Type II certification represents a valuable addition to our suite of enterprise-grade features that support customers in even the most highly-regulated industries such as the finance, telecommunications, and education sectors.

We believe that SOC 2 Type II compliance is a critical security requirement for any leading employee recognition & engagement vendor, especially when supporting complex employee journeys or handling sensitive data.

Keep reading to learn more about what a SOC 2 Type II certification means for your employee recognition & engagement programs, and how it strengthens our commitment to providing a secure and trusted solution for engaging your team and providing a best-in-class recognition tool.

In the digital age, the strategic use of employee data is critical to attracting the best talent, retaining that talent, and overall building a world-class organization. It drives business decisions, influences how quickly a company can grow, and facilitates the experiences that employees have come to expect.

But with more and more of this data being stored and transferred in the cloud, there’s increased risk for security breaches and improper handling of sensitive information.

Our decision to complete a Service Organization Control (SOC 2®) Type II examination represents our increased commitment to strengthening the internal controls and processes that protect employee data.

We hold ourselves accountable to the industry’s highest security standards in order to give employers and employees the confidence that their data is safe while they stay focused on their work.

What is SOC 2 Type II compliance?

SOC 2 (“Service Organization Control 2”) is an internationally-recognized certification developed by the AICPA. It acts as third-party assurance to verify that a service provider is committed to following the highest standards of security when it comes to managing employee and customer data.

The requirements are specifically designed for companies like Assembly that store employee data in the cloud. Leading organizations like Microsoft and AWS (Amazon Web Services) choose to demonstrate their commitment to security through SOC 2 certification.

A Type II certification means that not only has the company implemented the proper security controls, but the effectiveness of these processes has been verified by expertly-trained, third-party auditors, and the company was determined to be compliant over a period of time, ultimately demonstrating proof of continued commitment. Learn more about the difference between Type I and Type II reports.

In other words, a SOC 2 Type II certification confirms that any employee data you send to Assembly (to facilitate employee recognition, rewards, & engagement programs) is actively being managed in a secure and audited environment.

What was the process to become certified?

SOC 2 Type II certification is earned as the result of a successful 6-month audit by an independent firm.

To prepare for this diligent examination of our internal security policies and controls, we partnered with Vanta to help us automate the collection of our audit evidence. We also worked alongside experienced hackers from HackerOne to gain insights from their industry-leading penetration testing services.

After implementing the necessary security policies and processes, we worked with Dansa D'Arata Soucia to facilitate the audit, successfully receiving our certification on March 22nd, 2021.

Our official SOC 2 Type II report lets us demonstrate our continued commitment to security through the assurance of a third party.

Why does a SOC 2 certification matter when evaluating referral and loyalty software vendors?

At Assembly, our mission is to fuel your organizational growth with employee recognition, rewards, & engagement programs. You can’t afford to spend time worrying about the security of your employee data, so it’s critical to choose a trusted partner.

If you care about the security of your employee data, SOC 2 Type II accreditation needs to be an important factor when evaluating employee recognition, rewards, & engagement software (any software for that matter). Why?

The vendor’s commitment to security has been proven over time

A Type II certification means that a company’s security procedures have been actively monitored over a period of time by independent auditors to ensure accuracy and effectiveness. This means that the ways in which your employee data is being managed have withstood the most rigorous security audit in the industry.

When it comes to being secure, a Type II certified company doesn’t just talk the security talk, but walks the walk.

Your company’s security, financial, and reputational risks are mitigated

When you rely on cloud providers to store and send your employee data, there’s an increased risk for unauthorized interception and fraudulent access. Even the most established corporations like Google and Facebook have felt the debilitating repercussions of data breaches.

If you want to greatly reduce your company’s chances of ending up in the news as the most recent security breach, don’t put your employee data at risk. Choose a vendor who can prove that they’re committed to keeping it secure.

Your organization can operate with peace of mind

SOC 2 Type II compliance is only achieved by companies with mature, established, and independently-approved business processes, and whose dedication to security spans every department, from HR and finance to development and customer success.

Choosing a SOC 2 Type II certified employee recognition, reward, & engagement program vendor means that you can rest easy knowing that the security of your employee data is a priority as you focus on growing your organization.

What’s next?

The Assembly SOC 2 Type II report represents the auditor’s attestation of how we protect, regulate, and control the employee data that we collect from our customers.

We’re committed to completing audits on an annual basis to ensure continual compliance.

We know that cloud data security is more important than ever before, and we will continue to invest in building a secure enterprise employee recognition, rewards, & engagement platform that organizations can trust. Learn more about our solutions here.

Frequently Asked Questions

Is Assembly SOC 2 compliant?

Yes, at Assembly, security is a top priority. Each quarter, we have ongoing security work that is everyone’s responsibility. While we maintain a strong security posture, it was important for us to prove to our customers that we do everything we claim to do. This led us to pursue a SOC 2 Type II report that would provide evidence of our compliance with industry gold-standard security practice.

What's the ROI for employee recognition?

There is study after study showing that employee recognition leads to increased engagement. This in turn creates an environment where employees are happier and more motivated, which increases productivity and reduces voluntary turnover significantly. In order to fill critical roles, companies tend to spend nearly twice the value of an annual salary. Assembly is an investment in your employees that supports your bottom line.

Does Assembly offer longer-term contracts?

Yes, we will offer contracts for companies with longer-term agreements to help larger customers have more certainty around future costs.

The minimum agreement term is a 12-month subscription.

Does Assembly offer onboarding support?

We do! Any new customer needing further support to get started with Assembly to ensure you're set up for success can request custom onboarding support. These one-time services start at $5,000. Improving your employee experience is about much more than just using our amazing software; it’s about transforming your business to create a workplace that people love. That’s much easier to do with the personal support and advice from our passionate people experts.

Is there a free version of Assembly?

Yes. We offer a completely free plan for up to 50 team members. This plan is intended for teams or organizations that are looking to get started with an employee engagement tool. Keep in mind, this plan is limited in features.

All customers can open an Assembly account for free and get started without a credit card. Then you can change plans as necessary.

How much do rewards cost?

At the time of redemption (when your employees exchange their points for a paid reward) you'll pay face value. If a reward is a $10 Amazon gift card, your cost will be $10. All paid rewards are billed for on a monthly basis.

The good news is that you don't have to pay for rewards upfront because we only charge you when points are redeemed, not when they're earned.

Does Assembly offer discounts?

We offer discounts for educational or charitable organizations. In order to secure a discount, you'll first need to book a demo with a customer support specialist.

For all other organizations, we are willing to consider longer-term agreements in exchange for discounts. To set up annual plans or longer, you will need to book a demo with a customer support specialist.

How do I cancel my plan if needed?

If you're on a month-to-month plan, you can go here and cancel anytime. If you're having concerns or need help setting up your account for success, you can always book a demo with a customer support specialist.

If you're on a longer-term custom plan, you'll need to reach out to your customer support specialist to cancel your account or email us at

What customizations are available?

Great question! You can customize your core values to match your organization's to boost and track alignment. You can change your currency from the 🏆 emoji (our default) to any emoji of your choice. You can swap our logo for your own. You can also set up company culture rewards such as, "Lunch with the CEO," "Buy a book on us," and so much more!

Who can give or receive recognition?

While we recommend a peer-to-peer setup where anyone in your organization can give or receive recognition, you can set up Assembly however you want. If you need to limit the people who can give or receive recognition, that's perfectly fine and can be done from your Admin, here.

What integrations are available?

Assembly connects to the tools your employees use every day to offer an easy, seamless experience with minimal change management.  

Assembly has integrations with HCM/HRIS systems like ADP, Google, Office 365, and Slack. We also integrate with communication tools like Slack and Teams so you and your employees can access Assembly wherever they work now.

What's your average adoption rate?

That depends on the company's permissions setup. That said, over 90% of the employees on Assembly's platform are recognized on a monthly basis. That means nearly every employee across all of our customers is receiving regular recognition from their peers, managers, or leadership. We're extremely proud of this.

Must rewards be set up to use Assembly?

They are not required. You can use Assembly without having rewards set up. However, we don't recommend it if you intend to have a high adoption and usage rate. You can always keep the costs down by offering internal culture rewards that are fulfilled by you internally.

Are points required to use Assembly?

No, you can remove allowances from anyone or everyone. It's up to you but we do recommend using points whether they're worth a real dollar value or not. Companies that use points have a much higher engagement rate even if those points don't exchange for real dollars.
