Creative Realities Completes SOC 2 Type 1 Compliance Audit Process

Rhea-AI Summary

Creative Realities (NASDAQ: CREX) has successfully completed its Systems and Organizations Controls (SOC) 2 Type 1 audit, demonstrating its commitment to customer data security and reliable SaaS products. The audit, conducted by Johanson Group LLP, took approximately nine months to complete and validates controls relevant to security, availability, integrity, confidentiality, and privacy.

The company's EVP of Software Development, Bart Massey, highlighted that this achievement reflects CRI's organizational growth and improvements in software and cloud infrastructure security. The SOC 2 compliance ensures established practices for safeguarding customer data, covering both software products and administrative functions.

CRI is currently working towards Type 2 compliance, which will verify ongoing operational adherence to the principles established in Type 1.

Positive

• Achieved SOC 2 Type 1 certification, enhancing company's credibility in SaaS market
• Improved software and cloud infrastructure security
• Working towards more comprehensive Type 2 compliance

Negative

• None.

This confirms CRI as a SaaS provider that ensures security, stability, and privacy in its products.

LOUISVILLE, Ky., March 25, 2025 (GLOBE NEWSWIRE) -- Creative Realities, Inc. ("Creative Realities," "CRI," or the "Company") (NASDAQ: CREX), a leading provider of digital signage and media solutions, is pleased to announce the successful completion of its Systems and Organizations Controls (SOC) 2 Type 1 audit. This audit achieved compliance with the leading industry standards for customer data security. This report shows CRI’s ongoing commitment to providing our customers with secure and reliable SaaS products.

“This is a significant achievement for our company and our customers. To reach this point, CRI has matured and grown as an organization, improving everything we do. We’ve enhanced our software and cloud infrastructure to make them more secure and highly available. These changes ensure we stay compliant with best practices and provide great products for our clients,” said Bart Massey, Executive Vice President of Software Development at CRI.

Developed by the American Institute of Certified Public Accountants (AICPA), a SOC 2 information security standard is a report that validates controls relevant to security, availability, integrity, confidentiality, and privacy. The audit was completed with the help of Johanson Group LLP, a premier certification body that helps organizations obtain and maintain global compliance standards. Ensuring that all parts of CRI’s applications and business processes were compliant with SOC 2 requirements took around nine months.

“Partnering with Johanson Group LLP has brought in a third-party auditor to validate our policies and ensure we follow best practices. We take our commitment to SOC II principles seriously, and with the completion of this report, we have a qualified independent auditor who confirms it,” Massey added.

SOC 2 has a rigorous requirement on how companies handle customer data and information, so compliance guarantees that established and implemented organizational practices are in place to safeguard customer data. CRI’s case involves its software products and all the administrative functions needed to support them.

CRI is actively working to complete Type 2 compliance. Type 1 focuses on evaluating processes, infrastructure and policies. Type 2 provides independent verification that the company’s ongoing operations continue to follow the practices and principles specified and required by Type 1.

More information on Creative Realities’ SOC 2 Type 1 compliance process will be available soon on cri.com.

About Creative Realities, Inc.
Creative Realities designs, develops and deploys digital signage-based experiences for enterprise-level networks utilizing its Clarity™, ReflectView™, and iShowroom™ Content Management System (CMS) platforms. The Company is actively providing recurring SaaS and support services across diverse vertical markets, including but not limited to retail, automotive, digital-out-of-home (DOOH) advertising networks, convenience stores, foodservice/QSR, gaming, theater, and stadium venues. In addition, the Company assists clients in utilizing place-based digital media to achieve business objectives such as increased revenue, enhanced customer experiences, and improved productivity. This includes the design, deployment, and day to day management of Retail Media Networks to monetize on-premise foot traffic utilizing its AdLogic™ and AdLogic CPM+™ programmatic advertising platforms.

Contacts

Media Inquiries
Breanne Ngo
bngo@ideagrove.com

Investor Relations
Chris Witty
cwitty@darrowir.com 
646-438-9385
ir@cri.com
https://investors.cri.com/ 

FAQ

What does the SOC 2 Type 1 certification mean for CREX's software security?

It validates that CREX has implemented proper controls for data security, availability, integrity, confidentiality, and privacy in its SaaS products.

How long did it take CREX to complete the SOC 2 Type 1 audit process?

The compliance process took approximately nine months to complete.

Who conducted Creative Realities' (CREX) SOC 2 Type 1 audit?

Johanson Group LLP, a premier certification body for global compliance standards.

What is the difference between SOC 2 Type 1 and Type 2 compliance for CREX?

Type 1 evaluates processes and policies, while Type 2 verifies ongoing operational compliance with these established practices.