2022 is off to a great start with our achievement of SOC 2 Type I compliance. GitGuardian is more than ever determined to secure code – whether it’s by helping you catch secrets-in-code and enforce security policies across the software development lifecycle, or by investing in the proper internal security practices and training to safeguard your data.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

There are two levels of SOC compliance:

  • Type I describes systems and whether their design is suitable to meet relevant trust principles.
  • Type II details the operational effectiveness of those systems and is issued at least 6 months after Type I.

We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data.

As SOC 2 certification is issued by outside auditors, the audit was performed by Prescient Assurance, a leader in security and compliance certifications for B2B SaaS companies worldwide. The audit confirms that GitGuardian’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

We are now moving forward with SOC 2 Type II to complete the process.