The Pipe Platform Achieves Security and Compliance Milestone with SOC 2 Type I Attestation

We're thrilled to announce that we’ve successfully completed our first SOC 2 Type I audit for the Security Trust Services Criteria and received our SOC 2 Type I report.

The report is critical for our customers and assures them we are taking the necessary steps to protect their data.

SOC 2 is a framework used to evaluate and validate an organization's information security practices. It's widely used in North America, particularly in the SaaS industry. To get a SOC 2, an organization's security controls are investigated against a set of criteria to verify that the org has implemented the right policies and protocols to protect the customer's data. The SOC 2 audit must be performed by a certified public accountant (CPA) at a firm that is accredited by the American Institute of CPAs (AICPA).

Many industries have regulatory requirements that mandate third-party providers maintain a certain level of data security. The SOC 2 report simplifies the process of meeting these requirements, making it easier for our customers to comply with industry regulations.

Our SOC 2 journey started more than a year ago. Since then we've started meticulously reviewing our policies, updated our day to day processes, adopted tools and made changes to the Pipe Audio, Video & Screen Recording Platform needed to pass this exam.

Some of the work included:

1. reviewed procedures for onboarding and off-boarding employees
2. reviewed code of conduct and confidentiality agreements with our employees
3. adopted and made periodic vulnerability scans against our front-facing infrastructure
4. monitored company-owned employee equipment in scope (laptops) with an MDM
5. reviewed third-party agreements and formally evaluated risk
6. widely adopted SSO and 2FA with our suppliers (cloud servers, support, etc,)
7. periodic reviews of our cloud firewalls and data/server/supplier access permissions

This builds upon extensive prior efforts to safeguard the data, our platform and be transparent about how we process data.

The work doesn't stop there. We hope to obtain a SOC2 report for the Security, Availability, Confidentiality and Privacy TSCs in the next year.

We prepared using the Vanta trust management platform and were audited by Consilium Labs.

At Pipe, we remain dedicated to providing our customers with the highest level of security and compliance.

If you're interested in seeing the report, please e-mail us at contact@addpipe.com.