August 11, 2021
Skyflow is Certified SOC 2 Compliant
We’re excited to announce another major compliance milestone: Skyflow is now SOC 2 Type 1 certified. [EDIT July 11, 2022: Skyflow is now SOC 2 Type 2 certified.]
This certification represents our commitment to SaaS security, and our continued investment in building powerful internal compliance and data governance policies (we’re already PCI and HIPAA compliant). After an extensive review, a certified SOC 2 auditor determined our products to be fully compliant, assuring current and future users that Skyflow Data Privacy Vault is created and delivered safely and securely.
What is SOC 2?
SOC 2 (pronounced “sock two”) stands for “Service Organization Control 2”. It’s a set of compliance priorities and criteria created by the American Institute of CPAs (AICPA) to ensure that sensitive data is being stored in the cloud in a secure and compliant manner.
SOC 2 comes in two closely related types: a Type 1 report evaluates the design of security controls at a specific point in time, while a Type 2 report takes a deeper look at whether those controls operate effectively over a period, including repeatable processes and automation. The SOC 2 audit can cover up to five categories of Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy. Each category is dedicated to a specific set of internal controls and a different aspect of the information security program.
SOC 2 Type 1 certification is an important milestone and a critical requirement for many of our customers. But it is just the first milestone; we are hard at work and making headway toward completing Type 2.
Why SOC 2?
SOC 2 is a commonly accepted security standard that demonstrates the maturity of SaaS vendors who have it. The qualities and processes that the SOC 2 auditor measures are criteria that we believe every organization should prioritize. We decided to take the initiative and get started on the SOC 2 process to ensure that we were continually measuring and improving our infrastructure. As a company in the security space, the Skyflow team has an obligation to seek out new ways to reinforce internal security and privacy. We’re delighted to be able to show our users that our system was vetted and approved by an external security expert.
The Certification Process
Although the SOC 2 audit process was intense and involved, Skyflow was well-positioned to handle it.
Most of our executives and our engineering team have worked through similar compliance certifications before and are familiar with the procedures, caveats, costs, and impact. We started with full approval from our executive team, who understood the importance of reaching SOC 2 compliance as both an organizational milestone and a key business enabler. We also took advantage of their many prior connections in the field to build a network of skilled compliance consultants. We collaborated with these experts to develop the proper infosec policies and to invest in the right set of tools to improve our security and compliance posture and reporting. We put a lot of emphasis on finding an auditing firm with an excellent reputation and a deep understanding of the latest cloud technologies.
While being a smaller company meant some challenges for us around resourcing and person-hours, it actually gave us a tremendous amount of flexibility and speed during the audit and remediation process. It also made it easy to identify and liaise with key executives and stakeholders as we went through the audit. Additionally, the security and privacy practices we put in place during the audit will grow and improve alongside our growing team and product offerings. If you are looking into becoming SOC 2 compliant, getting started sooner is better than later.
Learn More About Skyflow
This SOC 2 certification is a milestone in our continuous effort to create and improve Skyflow Data Privacy Vault. You can learn more about Skyflow Vault on our website.