Zesty is Officially SOC 2 Compliant!
First, what exactly is SOC 2 compliance?
SOC 2 is a voluntary compliance standard for tech companies with cloud-based products that specifies how an organization should manage customer data. The compliance guidelines, which are set by the AICPA (American Institute of Certified Public Accountants), ensure that services are secure, available, and confidential and that InfoSec best practices are in place.
What does being SOC 2 Type II compliant mean for Zesty?
As an automated cloud optimization platform trusted by hundreds of customers around the world, Zesty has always kept information security at the forefront of its priorities. To be clear, our products use an IAM role that gives us read-only access to the metadata of the running resources in our customers’ AWS accounts. Zesty, therefore, never accesses any company or customer data.
However, for the metadata that we do collect, our customers rely on us to keep this data protected. Therefore, we go to great lengths to ensure it is safeguarded according to the highest standards and regulations.
Being SOC 2 compliant makes this ideal a reality by ensuring our infrastructure and practices are in line with the globally recognized SOC 2 framework. Our SOC 2 Type II report provides official proof that our internal controls have been correctly designed and are operating effectively.
Our SOC 2 audit report provides detailed information and assurance about the security, availability and confidentiality of our systems, ensuring our customers’ data is safeguarded.
So, what exactly was audited?
Let’s take a look at just some of the controls that were evaluated, relating to our technology, people, policies, procedures and data:
- Onboarding/offboarding of employees
- Cloud infrastructure security
- Risk management
- Access control restrictions
- Multi-factor authentication
- Threat detection
- Change management procedures
- Asset management
- Data encryption
- Security awareness training and more
Boosting trust through compliance
Our SOC 2 report means that our customers can place full trust in the security of our cloud automation platform. It also assures them that their sensitive information is managed with robust security care and that we are committed to five-star security standards. We can show our customers and prospects that they are teaming up with a company that takes security seriously and that they can trust Zesty every step of the way.
Getting compliant with automation and advisory
As SOC 2 first-timers, we knew we wanted to work with SOC 2 experts who could guide us through this complicated process, and ultimately make the project as simple as possible.
With its automation and audit management platform, as well as dedicated compliance advisory, Scytale helped us streamline the SOC 2 compliance process tremendously. This significantly reduced the daunting workloads and number of hours spent on audit preparation, allowing our day-to-day business to remain uninterrupted.
At Zesty, we are committed to the continuous review and ongoing updates of our information security and best practices, maximizing the protection of our customers’ data and ensuring we are security-conscious in everything we do! We’re proud to have achieved SOC 2 compliance, providing our customers with further proof that they’re in safe hands with Zesty.