We are proud to announce that ConductorOne has received SOC2 Type 2 certification. The SOC2 certification sets the standard for security practices at companies today. This affirms ConductorOne’s commitment to secure customer data and preserve their trust.
With the process fresh in mind, below are a few quick takeaways for us:
C1 for C1: Using ConductorOne internally
One of the most strategic product initiatives you can run as a company is to dog-food your product internally. It enables your team to deeply understand the problems you are solving and to experience the rough edges of your product. If you have a highly enabled team, then magic follows: the team proactively makes the product better.
We are thrilled to use ConductorOne internally as a best-in-class solution for access control and access reviews. Stay tuned for an upcoming post for a more in-depth look into that process, but suffice to say, our auditors were blown away by how efficiently and quickly ConductorOne addressed the access management policy of our SOC2.
Vanta for our SOC2 automation
We decided early on to use Vanta to help us with our SOC2. As an industry leader in the space of compliance automation, it was an easy choice to go with Vanta as their track record and leadership in the market were clear. The process was easy and streamlined. Thanks to Christina and her awesome team at Vanta for being great partners in helping us on this journey!
Earlier is Better
We are a startup. We could have put off our SOC2 until further down the road, but our customers trust us with their identity, access, and permissions and we take that charge seriously. Our company’s internal security practices meet or exceed the baselines set by the SOC2 Type 2 assessment, and always will. This is deeply important to me and my co-founder, Paul Querna.
We are security people building a security company. Our product secures identity and permissions for our customers. We are a mission-critical SaaS automating access control and helping companies reach least-privilege access. It is essential that our customers, Security, GRC, and IT teams, trust us and know that we will always do what is right by them. This certification is a key element in building that trust.
Why pursue SOC2 Type 2?
SOC2 reports deal with implementing a set of security best practices. SOC2 Type 2 is specifically concerned with how those best practices are operationalized to ensure that your company meets trust service principles over a specified period.
We made the decision to pursue a Type 2 report because meeting SOC2 criteria at a single point in time is not enough. We are building a culture of security and seek to ensure our internal processes adhere to – or even exceed – best practices for the industry. Yes, this meant more work, but we believe that this is the right investment to make for our customers.
If you are on the journey to reach SOC2, we would love to help you with access control and access reviews.