PixieBrix Is Now SOC 2 Type 1 Compliant!
When you're busy trying to make your tools work the way you need them to, the last thing you should have to worry about is your data.
That's why we're happy to announce that PixieBrix has just received its clean SOC 2 Type 1 attestation. What does that mean?
SOC attestation involves a rigorous, independent assessment of our internal security measures — in this case, performed by A-LIGN. Receiving it confirms that we are dedicated to keeping your data safe and adhering to the highest standards for privacy and availability.
This is a big milestone, but it's not the end. We're living this commitment to security every day, and it guides everything we do at PixieBrix.
"With our open-source browser extension, enterprise-grade controls, and new SOC 2 report, PixieBrix is the most scalable and secure way for enterprises to extend the web applications their teams already use."
- Todd Schiller, CEO.
You can learn more about what we're doing to keep your data safe here.
More details on the SOC 2 Type 1 requirements
Developed by the AICPA, SOC 2 is an extensive audit that ensures companies are handling customer data in a secure way, protecting both the company and customer privacy. SOC 2 is designed for service providers that store customer data in the cloud.
Trust service principles
There are five core principles to SOC 2 attestation, following the AICPA Trust Services Principles and Criteria. Together, these principles reflect the commitment cloud-based software providers must make to protecting sensitive customer data.
- Availability: Services must remain available to users with a limited amount of downtime, and users have to understand what they're getting by using these services.
- Security: This principle covers all measures an organization must take to protect customer data. Firewalls, intrusion detection, and multi-factor authentication are examples of these measures.
- Confidentiality: The data handled by providers must be protected with encryption, access controls, and firewalls to prevent leaks and access from unauthorized accounts.
- Processing integrity: Data must be processed completely and in a way that's valid, accurate, and timely.
- Privacy: All user data has to be gathered, used, and disclosed in a trustworthy fashion. You can learn all about our privacy and security policy here.
Why is SOC 2 important?
With more cloud services processing sensitive and confidential business data, attestations like SOC 2 become increasingly important. Earning our SOC 2 Type 1 attestation report was a big priority for us, and we're glad we've reached this milestone. It's essential that service providers show their willingness to process data responsibly and safely.
If you have any questions about this or what it means for PixieBrix, please don't hesitate to contact us! We'd be happy to answer your questions.