As some of you may know, we've been working on getting a SOC 2, and we're excited to announce that as of last week we have completed our "System and Organization Controls 2" (SOC 2) Type I audit! If you'd like to get a copy of it, please reach out to firstname.lastname@example.org and we'd be happy to share it.
The SOC2 audit is one the highest recognized standards of information security compliance in the world. It was developed by the American Institute of CPAs (AICPA) to allow a third-party auditor to validate a service company’s internal controls with respect to information security. The SOC 2 Audited Report is the auditor’s opinion on how an organization’s security controls meet the SOC 2 criteria.
We obtained our audited SOC 2 Report by partnering with Secureframe and Modern Assurance who respectively helped us prepare for and reviewed our internal controls including policies, procedures and infrastructure regarding data security, firewall configurations, change management, logical access, backup and disaster recovery, security incident response and other critical areas of our business.
Thanks to a company-wide effort at Reviewable and with the help of our partners, we successfully achieved compliance and received an Auditor’s Report demonstrating that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. We are happy to share that report with you to prove to you that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. In fact, by partnering with Secureframe, we can confidently say we go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance to the SOC 2 framework 24/7/365, not just during the audit window.
We believe the relationship with our customers must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust.
SOC 2 is just one aspect of our growing security program. We are committed to continually improving our information security program and maintaining a SOC 2 audit to ensure we keep supporting our customers’ needs.
Since Reviewable can be used in multiple ways, and we're still a small company, we had to focus this SOC 2 audit on one of those ways. Since we will only be providing the SOC 2 report to Enterprise tier customers, we focused the audit on the Enterprise use-case, namely the on-prem instance. If your company's security team requires a SOC 2 certification, then please reach out to email@example.com and we can discuss setting you up with an Enterprise deployment of Reviewable. Otherwise, you're more than welcome to use our self-service offering at reviewable.io!