Data security and privacy is an essential component of our dedication to upholding our promise to protect sensitive user data.
We have a super exciting announcement to make about hotglue. We are now SOC 2 Type II certified.
hotglue's SOC 2 Type II report
SOC 2 is a type of security audit that was created by the American Institute of CPAs (AICPA) that holds service providers to a high standard when managing and securing user data. A few months ago, hotglue obtained a SOC 2 Type I report, which is a snapshot of all the systems and services we use to process data and the security measures that we maintain to provide a safe service to our customers.
Immediately after the completion of our SOC 2 Type I certification, we decided to dive head-first into receiving our SOC 2 Type II report. After 4 months of observation, we have received our final signed report saying that hotglue is compliant with the standards of SOC 2 Type II. It is similar to the Type I, but instead of a snapshot, is a report that includes an observation period in which the way hotglue handles security is measured.
An independent auditor directed an audit of our servers, systems, and security processes, ensuring that our security policies and procedures adhere to the standards set for SOC 2. This audit also ensures that we are protected against unauthorized threats (including physical access).
What makes up SOC 2 compliance
Any company that utilizes a cloud service provider looks towards SOC 2 to provide an accurate assessment regarding the issues that may arise with using third-party technologies. As mentioned previously, you can think of SOC 2 Type I compliance as a snapshot of a business at any given moment. It looks that there are measures put in place to maintain security of all sensitive data. The SOC 2 Type II is an observation period that evaluates the effectiveness of the measures a company lays out in their Type I report.
What's next for security at hotglue
To continue our commitment to security, we will continuously obtain our SOC 2 Type II reports (you need to update it periodically to make sure you are upholding the practices you lay out in your Type I).
If you would like to hear more about how we maintain security, feel free to find some time with our team.
You can also learn more about our security here.