We wanted to highlight to our customers that we consistently build security programs that are auditable, repeatable, and built to a framework baseline that is easy for everyone to understand. This requires consistency across the board. SOC 2 involves particular controls that go into the audit, and achieving certification shows that we’ve been able to meet or exceed those expectations for each area.
SOC 2 certification is an industry standard framework when you have a SaaS platform because it covers so many fundamental areas of security, governance, risk, and compliance for service providers. Our goal over the past year was to raise the bar on security, and the focus on SOC 2 provided the framework and structure to meet that goal while also improving our operational security capabilities.
Our end goal of achieving SOC 2 certification is developing comprehensive programs that will stick around for a very long time, while always driving for iterative improvements. At the highest level, this includes formalizing tactical initiatives driven by different teams and for infrastructure.
It is important to point out that just because you are SOC 2 certified doesn’t mean you are fully secure. However, it does highlight a commitment to customers to ensure that their data is protected to industry standard.
SOC 2 certification is a journey that requires a deep dive into your system, but it’s worth it for you and your customers. For us, this milestone will allow us to achieve our SOC 2 Type 2 audit in early 2021. This shows that we are maintaining all of our controls on a recurring basis throughout the year instead of at just one point in time.
Stay tuned for our next SOC 2 blog post that will share what considerations to keep in mind when thinking about getting SOC 2 certified.