When we set out to build our company, our vision was to provide a world-class solution to keep enterprise data private, secure, and compliant. This vision remains our guiding star. And what better way to double down on our commitment to doing things the right way than achieving SOC 2 as a company? Last week, Divebell was officially certified as SOC 2 type 1 compliant, and we’re well underway to complete the type 2 certification.
SOC 2 Explained
For those unfamiliar with SOC 2 (did you take a 20-year nap under a tree?), it’s one of the best ways for SaaS companies to demonstrate trust to their customers. SOC 2 (System and Organization Controls 2) compliance means that third-party auditors have rigorously examined our business and technology processes to ensure we have a systematic, repeatable, and engrained approach to everything from security and privacy to business continuity and reliability.
How Divebell Incorporates SOC 2 Requirements
With Divebell being SOC 2 compliant, you now have confirmation from an independent auditor that when you work with us, we take the utmost care of your sensitive information and provide our services using best practices. You can feel confident choosing and working with us. It also eases the vendoring process because you can rely on our SOC 2 attestation to fill in the blanks that may be on your security questionnaire.
Real-World Examples
For illustration purposes, a few best practices that come with our approach to SOC 2 include important security measures like ubiquitous multi-factor authentication single sign-on, temporary least-privilege access to critical systems, and continuous access review. They also include running our services on highly resilient cloud providers with multiple layers of security, and such essential business processes as tracking the evolution of our software and deployments through configuration as code and repeatable automation.
Using Divebell allows you, our customers, to automate data compliance continuously and securely with our Data Discovery Platform. We wouldn’t be satisfied doing anything less internally with how we provide those services.
A Strong Foundation of Excellence
SOC 2 is a challenging process requiring coordinated effort across teams. We feel fortunate that with our experience in the software security industry at companies like Vontu and Symantec, we had a window into what we’d need for world-class security that exceeds the stringent audit and regulatory requirements. Because we took a thoughtful approach to set things up right from the very beginning, we didn’t have to play catch up. We listened carefully and collaborated with our customers, fine-tuning our processes to support them. We don’t just meet the legal and audit requirements but actively integrate them into every aspect of our product to better protect our customers.
The threat and risk landscape has never been more intense. Still, methodology and technology have improved. We hope to share our experience and expertise in navigating SOC 2 and other compliance frameworks to help other companies committed to a safer world of SaaS companies. Stay tuned for more.
Any opinions expressed here and statements made are not legal advice, nor representations or warranties, and are intended to promote discussion around technology and data protection.