Products
We're SOC 2 Type 1 Certified

Exciting news — BRM is now SOC 2 Type 1 certified! 🎉 We have always considered security to be a top priority, and this new certification further demonstrates our commitment to keeping your data safe and secure.
What is SOC 2 certification?
SOC 2 (Service Organization Control 2) is a rigorous auditing procedure developed by the American Institute of CPAs (AICPA). It's specifically designed to ensure that service providers securely manage data to protect the interests and privacy of their customers. SOC 2 is particularly crucial for software companies like BRM that store customer data in the cloud.
What our SOC 2 Type 1 certification means for you
Achieving this certification means we've got the right processes and controls in place to protect your information. Our SOC 2 Type 1 certification specifically verifies that we have:
- Implemented robust security policies and procedures
- Established strong access controls to protect sensitive data
- Developed a comprehensive risk assessment and management process
- Put in place effective monitoring and incident response procedures
With automated monitoring through Drata, we will be up to date on our security posture at all times. This means you can continue to trust us to handle your data with the utmost care and diligence.
Our ongoing commitment
While we're proud of achieving SOC 2 Type 1 certification, we view this as just one step in our ongoing journey to provide the most secure and reliable buying platform possible. We're committed to:
- Continuously improving our security practices
- Regularly reviewing and updating our policies and procedures
- Staying informed about emerging security threats and best practices
- Maintaining transparency with our customers about our security measures
Learn more
If you'd like more information about our SOC 2 Type 1 certification or our overall security practices, please visit our Trust Center to request a copy of the report.
Thank you for being part of our journey!
More articles
Keep reading on procurement and strategy

Best Practices
The ROI of Centralizing Contracts in One System
Learn why centralizing contracts into one system matters and what it actually takes to do it right.

News
Tokenmaxxing is dead. Long live valuemaxxing
Enterprise AI spend more than tripled in a year, and most of it hides below the waterline: usage credits, AI add-ons, models nobody approved. BRM gives finance a clear, always-current view of AI spend across the whole stack. Live now.