We are happy to announce that Altinity.Cloud, our managed ClickHouse platform, is now SOC 2 Type II certified! This is a new milestone for Altinity in providing transparency to customers about our commitment to security.
What is SOC 2 Type II and how we achieved it
There are two levels of System and Organization Controls for Service Organizations 2 (SOC 2) certification: Type I audit assesses the design of controls (which Altinity achieved earlier this year), and Type II audit affirms effectiveness of controls over a period of six months. SOC 2 audits are performed by independent audit firms following the standards defined by the American Institute of CPAs (AICPA).
For SOC 2 Type II certification the auditors thoroughly investigated our last six months of operations and collected evidence to verify our internal controls and related practices and policies were consistently compliant. The evidence covered change management, asset management, data protection, disaster recovery, access control, incident response, internal/external communication, risk assessment, pen testing, vulnerability management, HR, employee security training and many more areas and aspects related to security.
Gaining SOC 2 can be a difficult task, policies and controls impact everyone in the company, but we took a strategic decision early on to invest in security and to work harder to ensure security is a priority in everything we do. Building controls that comply with standards requires extra efforts and dedication from our teams. To make it more effective we also use compliance automation platform Vanta that helps with compliance monitoring every day.
What does this mean for our customers?
Our customers can now be confident that we act with the highest standards of security. We can now share the SOC 2 Type II report with our customers for a deep dive into our measures in place, including descriptions of the Infrastructure, Software, People, Data, and Control Framework that make Altinity a trusted, secure organisation.
Complete SOC 2 compliance demonstrates Altinity’s continuous commitment to customer data security and privacy.
Our SOC 2 Type II report is available on request to all our customers to customers as well as interested propects. Please contact us for more details.
Security compliance is an ongoing journey. SOC 2 controls have transformed our business and how we work. They have become a part of our work culture. To ensure all our controls are effective and to be able to demonstrate that to our customers, we will repeat 3rd party SOC 2 audits annually to renew our certification. We also plan to seek additional compliance certifications over time including ISO 27001. We welcome feedback from our customers who seek more evidence and transparency.
SOC 2 Type II certification would not be possible without a combined effort across the entire Altinity team. I would like to thank everyone in the company for helping us to meet this important milestone for customers. Let’s keep raising the bar!