Iteratively is SOC 2 compliant

We’re making our commitment official with a third-party audit of compliance with industry standards.

Since our founding we’ve recognized the importance of our customers’ data privacy and security and made sure we built our product from the ground up with that in mind. Now we’re taking that a step further by becoming SOC 2 compliant. This solidifies that our security policies, measures, and procedures rigorously protect our customers’ data.

We’re excited to announce that Iteratively is now compliant with the SOC 2 Type 1 standard for security and we’re on track to receive our SOC 2 Type 2 certification by the end of 2021.

What does this mean for our customers?

In your day-to-day use of Iteratively you will see no changes, but in the background our team has designed a range of policies, systems and controls to be upheld by every single employee to ensure we’re always meeting industry standards and remaining compliant and secure.

For your peace of mind, here are some of the things we’re doing: 

  • Continuous security control monitoring – We’re using Drata’s automation platform to continuously monitor 100+ internal security controls across Iteratively against the highest possible standards. 
  • Bi-weekly Security Council meetings – We have an appointed Security Officer and the team meets bi-weekly to ensure we’re continuously going above and beyond.
  • Employee training – Security is a company-wide endeavor and at Iteratively all employees and contractors complete an annual security training program and always employ best practices when handling customer data.
  • Penetration tests – We’re working with an industry-recognized security firm (Federacy) to perform regular network and application layer penetration tests.
  • Securing our software development process – We utilize a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
  • Data encryption – Data is always encrypted both in-transit using TLS and at rest.

If you’d like a copy of our security report, let us know over email or Slack. The report is a look into the state of our security controls and will give you complete insight into how seriously we’re taking your data security by continuously monitoring our security and compliance posture.

Security is an ongoing process

Security is not a one-and-done thing, but an ongoing process of maintaining industry standards and remaining vigilant. We’ll continue to meet SOC 2 standards and will go through an additional audit (SOC 2 Type 2) to verify that we’re maintaining the security protocols needed over time. We’ll update our customers again once SOC 2 Type 2 is completed.

We’ll be monitored continuously so we can confidently prove our security and compliance posture any day of the year, while fostering a security-first mindset and culture across our company. What’s more, we’ll be undergoing yearly audits and penetration tests to further solidify that we’re remaining compliant. 

If you have any questions about our security practices, our SOC 2 compliance process or anything else, don’t hesitate to reach out to us.