Announcing SOC 2 Type 2 Compliance: Ensuring the Highest Standards of Security

Socket is thrilled to announce that we have achieved a sparkling clean SOC 2 Type 2 attestation report.

Feross Aboukhadijeh

February 21, 2023


Great news everyone, we've hit a major milestone! The moment we've been waiting for has finally arrived, and we are beyond thrilled to announce that we have achieved a sparkling clean SOC 2 Type 2 attestation report. This isn't just a pat on the back, it's a resounding validation of our unwavering commitment to providing our customers with the highest levels of security and confidentiality for their valuable data.

But let's be clear, this milestone is just the beginning of our unwavering dedication to our customers and their data security. Security is the bedrock upon which our products are built and the cornerstone of the trust we earn and maintain with our customers.

So buckle up and get ready to learn more about Socket's never-ending pursuit of security excellence!

What is a SOC 2 audit, and why is it important?

In case you're not familiar with it, SOC 2 is an intensive auditing process that ensures that companies are handling their customer data with the utmost security and privacy. We're talking about protecting organizations and the confidential data of customers. SOC 2 was developed by the AICPA and is specifically designed for cloud service providers storing customer data.

At Socket, we use an automated platform to continuously monitor our internal security controls against the highest standards. We have real-time visibility across our organization to ensure that our systems' end-to-end security and compliance posture is top-notch.

How does Socket put security first?

Security is more than a feature to us; it's our mission. Every design decision in Socket starts with the safety and privacy of your data in mind.

We never upload or modify your source code. Our platform is designed to work without the need to analyze, upload, or share your source code. We won't ask for permissions to modify a customer's source code or deployment environment, and we'll never use them. In the event our service is compromised, your source code and deployment environment will remain untouched.

What is the difference between SOC 2 Type 1 and Type 2?

SOC 2 Type 1 reports on the design of a system and its controls, whereas SOC 2 Type 2 reports on the operating effectiveness of the controls over a specified period of time. For us, that's a 3-month window ending in February 2023. Customers will see that our controls have been operating effectively for the entire duration of this period.

Why does SOC 2 compliance matter?

We help tens of thousands of developers to ship faster and spend less time on security busywork by safely finding, auditing, and managing open-source software at scale. We're on a mission to achieve this goal while ensuring that everyone involved has a fundamental trust in the security of our platform.

As more enterprises look to process sensitive and confidential business data with cloud-based services like Socket, it's essential to do so in a way that ensures their data remains safe. Our customers carry this responsibility on their shoulders every single day, and it's critical that the vendors they select to process their data in the cloud approach that responsibility with the same level of care.

By meeting the rigorous security and confidentiality standards outlined in SOC 2, Socket demonstrates its commitment to implementing the AICPA Trust Services Principles and Criteria. Our way of working builds best practices into every team – from our technical team to people operations – to ensure that security is always at the forefront.

What should I do if I'm interested in Socket's open source security platform, or if I have questions about its SOC compliance?

We welcome all customers and prospects interested in using Socket's open-source security platform to contact us to discuss our commitment to security and review our SOC compliance reports. We hope this update helps you and your IT team rest easy knowing that your data is secure with Socket.
