2020-09-10 Julie Penner
Originally published at blog.ironcorelabs.com.
Free Tool for Startups Getting SOC 2 Certified
SOC 2 is a pain, especially for a startup. But it’s necessary if you want to sell to mid-size or larger enterprises. SOC 2 is a laundry list of requirements around processes, security, high availability, personnel management, and more. It’s a good list of things a startup should be doing but probably isn’t. To buyers, it’s a mark of business maturity.
A year ago, we announced that IronCore was SOC 2 compliant after completing our Type I audit, a process that involved looking at five key principles within the company: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
We’re committed to the security of our data and the data of our customers and partners, and we successfully passed our SOC 2 Type II audit in April. The Type II audit required us to have the controls in place that we outlined in our Type I audit for a period of at least six months, though we chose to look back at all of 2019.
As data breaches become more costly (the average cost is up to $3.9M), we’re seeing a trend of companies needing to be SOC 2 compliant earlier and earlier in their lifecycle in order to do business.
There are services that can help with compliance, but they tend to be very expensive and inflexible. We built an internal SOC 2 dashboard tool that we’ve made public so we can share it with others in the hopes of making the process a little easier and a little less expensive (SOC 2 audits are expensive enough on their own!). We’ll continue to refine our dashboard over time, but we think it’s a great place to get started.
We hope that if you improve it, you’ll share your improvements back with the community to make us all better and our data more secure for the future.