This post was originally published on Earthly's blog.
We take security very seriously here at Earthly. As a user, you shouldn't have to worry about a SaaS vendor being sloppy with your or your business' data. We have an information security program that has been in place and communicated throughout our organization for quite some time now, but that assurance only means so much. That's why we are excited to announce that Earthly achieved SOC 2 Type 1 compliance on March 29, 2023.
What Is SOC 2?
Service Organization Control 2 (SOC 2) is a set of criteria established by the American Institute of Certified Public Accountants (AICPA) to assess controls relevant to the security, availability, and processing integrity of the systems a service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems. SOC 2 compliance is important for SaaS providers like Earthly, as it demonstrates that we have implemented controls to safeguard users' data.
There are two types of SOC 2 compliance:
- SOC 2 Type 1: Validates that an organization has established appropriate controls at a specific point in time.
- SOC 2 Type 2: Confirms that an organization has maintained and operated those controls over a period of time, typically 6 to 12 months.
What Does This Mean for Earthly CI and Satellites Users?
From a functional standpoint, achieving SOC 2 Type 1 compliance doesn't mean anything. Earthly CI and Earthly Satellites will work exactly as they always have and as expected.
From a non-functional standpoint, SOC 2 Type 1 compliance means that we have established a set of controls and processes to ensure the security of our users' data. This compliance demonstrates that we have the necessary measures in place to protect sensitive information from unauthorized access and disclosure.
What's Next? SOC 2 Type II
Our commitment to security doesn't end with SOC 2 Type 1. We are already working towards achieving SOC 2 Type 2 compliance, which we plan to accomplish by Fall 2023. This will further validate that we maintain the highest levels of security, ensuring that our users can continue to rely on and trust Earthly.
To request a copy of our SOC 2 Type 1 report, contact firstname.lastname@example.org.