We’re excited to announce that Supaglue has successfully achieved SOC 2 Type I compliance. As a vendor that touches sensitive business data, we take security very seriously. This important milestone underscores our commitment to delivering top-tier security to all our customers. This report means that Supaglue is securely managing third-party data for Supaglue Cloud, our managed offering of the Supaglue open source project that we maintain.
System and Organization Controls (SOC) 2 is a standard established by the American Institute of Certified Public Accountants (AICPA) to assess an organization's controls for data security and privacy. It’s the industry standard for companies that store data in the cloud. In addition to certifying processes for protecting against data breaches and security incidents, SOC 2 is also required by many companies evaluating products like Supaglue which handle sensitive customer data.
A SOC 2 Type I audit specifically tests the design of a compliance program at a specific moment in time. This involves defining and documenting security controls and providing evidence of their effective functioning. The SOC 2 audit is conducted by an independent CPA firm.
For our SOC 2 journey, Supaglue has partnered with SecureFrame, a leading compliance platform, to ensure end-to-end support. Working with SecureFrame, Supaglue completed a comprehensive review of our systems, controls, policies, and vendors, and underwent testing and auditing to ensure compliance with AICPA's standards.
The SOC 2 certification means that larger customers are now able to use Supaglue’s managed offering in their own products.
For some of our customers, the SOC 2 certification means we’re now able to remove their operational burden of self-hosting Supaglue on their own infrastructure, and migrate them to our managed offering. We’re also able to offer better product reliability and support through Supaglue Cloud. If you're interested in Supaglue Cloud, you can request early access here.
The next step is SOC 2 Type II compliance, which requires an ongoing observation window of 6-12 months. We will continue to make security a top priority and provide updates as we make progress toward Type II compliance.
Our SOC 2 Type I report is available by request. Please reach out to email@example.com to receive a copy.