We Passed Our SOC 2 Type 1 Certification! And We’re Happy!!

We’ve built Altinity.Cloud as the easiest, fastest and most reliable way for developers around the world to use ClickHouse. With that mission comes the responsibility to protect customer data with the highest standards of security, something we take very seriously. That’s why we’re excited to announce that we have achieved SOC 2 Type 1 certification.

Altinity.Cloud – Secure by Design

Being responsible for customer data warehouses, we believe that security is a fundamental part of our offering. Our customers trust us to store and process their data and expect that Altinity will maintain the privacy of their data and keep information secure and confidential at all times. Security is a constant consideration in product design and implementation, but that alone is not sufficient to protect data in SaaS applications. 

We are therefore working hard on ensuring security in everything we do – which means we have implemented controls around our production systems, infrastructure, software, people, procedures, and data supporting Altinity.Cloud platform (more information https://altinity.com/security). In turn, we want our customers to receive independent assurance proving we meet our commitments.

What is SOC 2 and why it is important?

SOC (System and Organization Controls) 2 is a widely recognised security compliance attestation that was defined by the American Institute of Chartered Public Accountants (AICPA) and is considered to be the standard for assurance surrounding data security and operational maturity. A SOC 2 certification provides valuable information for enterprises to assess the quality of security provided by a service like Altinity.Cloud.

Many larger companies and enterprises have high requirements for tech vendors and especially for SaaS providers. When we meet with potential customers they often have many questions about our policies and procedures, including how we control access, protect data, and how we track and respond to incidents. Our SOC 2 certification report offers detailed answers to these questions and makes it easier to move through the security approval process with such customers.

Preparing for the SOC 2 standard certification was also a great learning experience that helped us align our company culture, policies and processes to match best industry practices.

Our SOC 2 readiness process and partners

We started our SOC 2 compliance process with Vanta.com – their team’s guidance and tools helped us get oriented around SOC 2 requirements quickly and continues to help with compliance monitoring every day. The Vanta team also introduced us to several different auditors.

For audit and certification, we were looking for a highly reputable auditor firm to match the high standards of our customers. We chose The Cadence Group who had completed audits for companies like PagerDuty, Sendgrid, Looker (acquired by Google) and had great references. Going through the audit can be a stressful experience, but working with The Cadence Group was systematic and smooth. Their team was professional, responsive and reasonable through all stages of the process. In addition to the auditing services, The Cadence Group also has an excellent PEN testing team, and we were pleased with their work helping us harden our system.

Next steps: continuous compliance recertification

Maintaining and improving security requires constant work. We remain committed to continuously improving our compliance with industry standards. With SOC 2 Type 1 achieved, our next natural step is pursuing SOC 2 Type 2 certification – we are entering a new audit phase which will further validate the effectiveness of our controls over time. We will undergo recertification annually to certify that we are keeping up to our high standards continuously.

Our SOC 2 Type 1 report is available on request to all our customers, and everyone interested under NDA.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.