<aside> 💡 Gatsby is proud to be SOC2 certified! Learn more about what it means to be SOC2 certified and the testing we go through below.

</aside>

What is SOC2?

SOC 2, which stands for Service Organization Control 2, is a framework for managing and securing sensitive information. SOC 2 certification is relevant to companies that store customer data in the cloud and is often associated with technology and cloud computing organizations. Here are the key aspects of SOC 2 certification:

  1. Security: This criterion requires that the system is protected against unauthorized access (both physical and logical). It includes measures such as firewalls, encryption, and access controls to ensure the security of the system and data.
  2. Availability: SOC 2 mandates that the system is available for operation and use as committed or agreed. This involves measures to prevent and mitigate disruptions to services, including redundant systems and disaster recovery planning.
  3. Processing Integrity: The system must process data accurately, and its output must be reliable. This ensures that data is not compromised during processing and that the system performs its functions correctly.
  4. Confidentiality: Information designated as confidential must be protected as committed or agreed. This involves safeguarding sensitive data against unauthorized access or disclosure.
  5. Privacy: This criterion pertains to the collection, use, retention, disclosure, and disposal of personal information. It ensures that the system complies with the organization's privacy policy and relevant privacy laws and regulations.

What does it mean to be SOC2 Certified?

Achieving SOC 2 certification involves a thorough assessment of an organization's controls and processes related to these criteria. An independent third-party auditor conducts the assessment to verify compliance. Once certified, organizations can provide assurance to their customers and partners that they have implemented strong security and privacy practices.

Is Gatsby SOC2 Certified?

Yes! If your organization requires a SOC2 report please reach out to us directly via slack or at [email protected].

<aside> ❓ Did we miss something? Not to worry! Reach out via Slack or email our support team at [email protected]

</aside>