At Codacy, we’re committed to the security and privacy of your data. Our customers demand and deserve nothing less than the best security assurances we can give them.
That’s why we’re excited to announce that Codacy is now SOC 2 Type II compliant, doubling down on our dedication to putting your security and privacy first!
What is SOC 2, and why is it important?
System and Organization Controls (SOC 2) is a well-known security compliance and certification created by the American Institute of Chartered Public Accountants (AICPA). It’s the gold standard to ensure customers’ data security and operational maturity.
SOC 2 certification tackles the controls and processes of service organizations related to five trust services criteria: security, confidentiality, availability, process integrity, and privacy. All SOC 2 reports include the security category, while the others are optional.
The reports assure customers, partners, and prospects that an organization has security guidelines and follows them. For example, this might involve background checks on all employees, ensuring that laptops are password-protected, or configuring the organization’s AWS utilities safely.
Third-party certified auditors conduct the SOC 2 audit process and certification.
The two stages of SOC 2
- SOC 2 Type I: reports on the current security rules (systems and controls) and reviews documents around these rules. It gives a snapshot of an organization’s practice on a particular date.
- SOC 2 Type II: it’s very similar to Type I, but the evidence of rules’ effectiveness is described and evaluated over time, for a minimum of 6 months, to see if the systems and controls in place are functioning all the time.
What does it mean to be SOC 2 Type II compliant?
At Codacy, security is fundamental in our products’ design and implementation. Our customers trust us to store and process their data and expect that Codacy will always keep their data private, secure, and confidential.
Therefore, we work hard to guarantee security in everything we do. We’ve implemented controls around our production systems, software, infrastructure, people, procedures, and all data supporting Codacy products.
Codacy earned SOC 2 Type II compliance by achieving service commitments and system requirements based on the trust services criteria relevant to security. We also have an independent, third-party report to ensure the effectiveness of our security measures!
If you have any questions about SOC 2 Type II, contact us at firstname.lastname@example.org. We’ll be happy to help!