After receiving a SOC 2 Type I certification in early 2021, we didn’t stop there. Meeting our goal of becoming SOC 2 Type II certified bolsters our ability to build consistent, auditable, repeatable security programs within frameworks that best fit our customers’ needs.
What is SOC 2 Compliance?
SOC 2 is a framework of security standards based on the five SOC 2 trust principles developed and maintained by the American Institute of Certified Public Accountants (AICPA). These principles are intended to ensure that a business follows best practices for maintaining data security.
SOC 2 Trust Principles Checklist
Obtaining the SOC 2 Type I and Type II certifications is one way to demonstrate that Estateably is committed to delivering end-to-end security with our Pentest as a Service platform. The SOC 2 audit report is evidence of our commitment as a partner to keep highly sensitive data thoroughly protected. We are always looking to raise the bar for security, and keeping data secure for our customers remains a top priority.
SOC 2 Type I vs Type II
- Type I: Describes how security and compliance controls are “designed” at a specific point in time. For example, as of March 31st, the organization conducts background checks and has job descriptions for roles and responsibilities.
- Type II: Describes the “design and operating effectiveness over a period of time (audit period)”, typically 6-12 months. This assessment shows the SOC 2 control implementation and operating effectiveness over that time period. Our audit period was from January 1st, 2021, to June 30th, 2021.
What This Means for Estateably Customers
Trust and transparency are at the forefront of security and data privacy for us as software providers. SOC 2 is one of the most commonly followed frameworks, and maintaining compliance is an integral part of security, sales, and operations workflows. Achieving the SOC 2 Type II certification further demonstrates our promise of customer data protection over an extended period of time with robust capabilities to identify, track, and resolve security vulnerabilities.