What is SOC 2
SOC 2 defines criteria for managing customer data.
Our goals for having SOC 2
- We want to generate more revenue
- We want to take security seriously
A SOC 2 or any other major certificate (like ISO or HIPAA) helps us achieve revenue-generating compliance. We are going for SOC 2 because it is the standard in our largest market (the US).
What does that mean for you?
Drata
Your Welcome Aboard doc includes the tasks to sign up for Drata, install the Drata Agent, complete your security awareness training, and read and accept the policies.
Drata tests our security controls, and the Drata Agent automatically collects evidence that allows us to prove that our employees have maintained continuous compliance.
A couple of things from the policies we want to highlight:
- If you need new or different access to a tool we use, please request it through a ticket in the IT workflow in Shortcut. Make sure to ping the owner of the tool in the ticket. If you’re not sure who that is, ping @Kaylie Boogaerts and @Daniel Paulus.
- If you’ve just onboarded, you can add a tool to your IT onboarding ticket (linked at the top of your welcome aboard page).
- Use complex passwords and ‣ to manage them.
- Enable MFA (Multi-Factor Authentication) on all your accounts, especially Heroku if you have an account there!
- We prohibit the use of all removable storage devices, like USB drives or hard drives.
- All Checkly data is to be stored in cloud services.
- Close and lock your workstation when you step away from it.
- If you installed any work apps on your phone, make sure your phone is password-protected.
- Don’t have a MacBook? Our approved antivirus solution for Windows-based systems is Microsoft Defender Antivirus.
Background check