SOC 2 compliance is based on specific criteria for managing customer data correctly, which consists of five Trust Services Categories: security, availability, processing integrity, confidentiality, and privacy.
- Security. The organization’s system must have controls in place to safeguard against unauthorized physical and logical access.
- Availability. The system must be available for operation and must be used as agreed.
- Processing Integrity. The system processing must be complete, accurate, well-timed, and authorized.
- Confidentiality. The information held by the organization that is classified as “confidential” by a user must be protected.
- Privacy. All personal information that the organization collects, uses, retains, and discloses must be in accordance with their privacy notice and principles. These are specified by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
There are two levels of SOC compliance:
- Type I describes systems and whether their design is suitable to meet relevant trust principles.
- Type II details the operational effectiveness of those systems and is issued after a period of at least 6 months after Type I.
As SOC 2 certification is issued by outside auditors, the audit has been done by Prescient Assurance , a leader in security and compliance certifications for B2B, SAAS companies worldwide. The audit confirms that GitGuardian’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
Our SOC 2 Type II report is for limited distribution and shared under non-disclosure agreement (NDA). Please direct all requests to firstname.lastname@example.org