What’s a SOC 2 Type 2 report and what does it mean for the company?
A SOC 2 Type 2 report is a high-level, external audit that captures how a company handles and safeguards customer data. It provides detailed information and assurance about the organization’s security controls, based on their compliance with the Trust Services Criteria (TSC) of the AICPA (American Institute of Certified Public Accountants).
This report is proof of our ongoing commitment to maintaining the highest possible standard of our services. We've always cared deeply about our users’ privacy and security, but as we scaled and our customers became increasingly complex, their needs evolved as well. To make sure we meet those needs, we were recently audited and found compliant with SOC 2 Type 2 criteria, and we're excited to have reached this milestone.
Moreover, to ensure we'll continue to meet those needs in the future, we've adopted a yearly cadence of audits that will help us maintain the highest standards of security. We look forward to growing with all of you for years to come.
What does this mean for our customers?
Not much will change in your day-to-day use of Bitrise, but in the background, we've designed a number of systems, controls, and policies that ensure that we meet industry standards and stay compliant and secure, such as:
- Product security: virtualized environment, source code protection, access control
- Data security: DPA, backups & geo-redundancy, data encryption
- Network security: firewall and encrypted communications
- Application security: secure coding, penetration testing, automated code security checks
- Business security: background checks, confidentiality, security awareness training, breach notifications
- Physical security: data center security, 24-hour office surveillance, and more.
We hope you found this information useful and that you'll continue to build apps, securely, on Bitrise.