We’re excited to share that we recently completed our SOC 2 Type I compliance audit in accordance with the American Institute of Certified Public Accountants standards for SOC for Service Organizations. (This attestation is also known as SSAE 18.) It’s an important milestone, ensuring our customers that our platform, AIQ, provides enterprise-level security for their data when stored or used in our system.
This certification is an indicator that we take the security of our customers’ data and our own data seriously, and we ensure that only vetted personnel are given access to our customers’ resources. We embed the culture of security into how we conduct business as exemplified by our regular security training and our commitment to using cutting-edge tools and methods to maintain our high level of security.
First and foremost, our product development is conducted in line with OWASP’s Top 10 recommendations for web application security. All development of new features, platform extensions, and major changes to existing features undergo a design review to ensure security requirements are incorporated into the proposed development. And our team members complete annual secure development training in coding or scripting languages that they work with as well as any other relevant training.
Process for Certification
To obtain our certification, we worked with Drata, a provider of a security and compliance automation platform, to prepare ourselves for the audit. They were a great resource for ensuring that we had all our ducks in a row, providing great customer support beyond the provisioning of their product, helping us codify all our security controls, and implementing the correct systems to ensure that they continue to be applied appropriately as we grow. We couldn’t have achieved readiness without their support.
We were then audited by Prescient Assurance, a leader in security and compliance attestation for B2B SaaS companies worldwide. They are a registered public accounting firm in the US and Canada.
While we’ve always been attentive to data security, we’re pleased to have completed our certification.