Achieving SOC 2 Type 2 Compliance - Our Continued Commitment to Data Security
Last year we achieved SOC 2 Type 1 compliance. This year, through our diligence and commitment to ensuring the security and privacy of our customers' data, we have achieved the Type 2 level of compliance. Learn more about what that means to us and our customers in this article.
As data breaches and cybersecurity threats are on the rise, safeguarding sensitive information has become a necessity for organizations that truly care about their customers. We are proud to announce the next milestone for our company to this end – the attainment of SOC 2 Type 2 compliance. This achievement underscores our unwavering commitment to ensuring the security and privacy of our customers' data.
What is SOC 2 Type 2 Compliance?
Before we delve into the significance of this accomplishment, let's briefly explain what SOC 2 Type 2 compliance entails. SOC 2 (System and Organization Controls 2) is a rigorous framework created by the American Institute of CPAs (AICPA) for assessing an organization's controls over the security, availability, processing integrity, confidentiality, and privacy of customer data. A Type 1 report evaluates whether those controls are suitably designed at a single point in time; Type 2, specifically, involves an independent auditor evaluating and testing whether the controls actually operate effectively over an extended observation period, anywhere between 3 and 12 months.
Why SOC 2 Type 2 Matters
- Enhanced Data Security: SOC 2 compliance provides a robust framework for protecting sensitive information. Achieving Type 2 compliance demonstrates that our data security measures are not just theoretical but have been tested over an extended period, giving our customers peace of mind.
- Customer Trust: Customers should be discerning about the organizations they entrust with their data. SOC 2 Type 2 compliance serves as an assurance to our clients that we take this responsibility seriously and will continue to raise and meet a high bar for their data security.
- Operational Efficiency: Achieving SOC 2 Type 2 compliance involves a rigorous evaluation of our internal processes and controls. This scrutiny can lead to process improvements and greater operational efficiency.
The Journey to Compliance
Obtaining SOC 2 Type 2 compliance was not an easy feat, although most of the heavy lifting was done in the first stage, when we prepared for Type 1. It required meticulous planning, rigorous testing, and a commitment from every member of our team. Our compliance journey included:
- Conducting a thorough risk assessment to identify potential vulnerabilities.
- Implementing robust security policies and controls to address these vulnerabilities.
- Regularly monitoring and auditing our security measures to ensure they were effective.
- Collaborating closely with external auditors to assess and validate our controls.
- Continuously refining and improving our security practices based on audit findings and industry best practices.
In this second step of our journey, our platform team really shone, operating and maintaining the controls that were put in place for Type 1 throughout the observation period. Oded Messer, our Director of Engineering, noted:
This year was all about observing that we act on the controls that we have in place. This compliance went surprisingly smoothly; we almost didn't feel the observation period. This was thanks to the great prep work and level of excellence our platform team brings to the table (many thanks to Marcin Jasion, Jesper Svendsen, and Helio Machado🙏🏼).
What's Next?
While achieving SOC 2 Type 2 compliance is a significant milestone, our commitment to data security does not end here. We view compliance as an ongoing process, and we will continue to invest in security measures, employee training, and technology enhancements to stay ahead of emerging threats. We look forward to serving our customers with even greater confidence and trust in the future. 💪🏽
To see the full reports of our SOC 2 Type 1 and SOC 2 Type 2 achievements and learn more about our policies, head to our Security & Privacy page.