Artur Souza | September 23, 2024

Diagrid achieves SOC 2 Type II compliance

At Diagrid, we value operational excellence. As part of our ongoing commitment, we are excited to announce Diagrid's SOC 2 Type II compliance as of August 30th, 2024. This milestone highlights our dedication to maintaining the highest standards in security on an ongoing basis.

Read Diagrid's SOC 2 Type II Attestation press release.

What is SOC 2?

SOC 2 (System and Organization Controls 2) is a framework established by the American Institute of CPAs (AICPA) to ensure that service providers manage data securely to protect the privacy of their clients. In essence, SOC 2 compliance provides clients with the assurance that the company has implemented strong safeguards and is committed to maintaining the highest level of data security and privacy. It confirms that practices are designed to protect the client’s sensitive information and that they adhere to industry best practices.

Achieving SOC 2 Type II compliance involves a rigorous examination of an organization’s systems and controls over a defined period—typically six months or more. Unlike SOC 2 Type I, which assesses the design of these controls at a single point in time, SOC 2 Type II evaluates the operational effectiveness of these controls over the entire evaluation period.

Why This Matters

For Diagrid, achieving SOC 2 Type II compliance is more than just a compliance report; it’s a testament to our unwavering commitment to operational excellence and security. As we continue to scale our operations and support a growing customer base, ensuring that our systems are secure, reliable, and resilient is paramount. Many of our customers operate in heavily regulated industries like financial services and require confidence that we have procedures in place to protect their data and maintain its integrity. This includes:

  1. Enhanced Security: Diagrid continues to demonstrate our commitment to safeguarding customer data from unauthorized access and breaches. We continuously monitor and update our security controls to proactively address emerging threats and vulnerabilities.
  2. Operational Excellence: SOC 2 compliance audits the robustness of Diagrid’s processes for managing and monitoring the availability and integrity of our systems, with minimal risk of downtime.
  3. Continuous Improvement: The SOC 2 framework encourages ongoing evaluation and improvement of Diagrid’s systems and controls, ensuring that we remain vigilant and proactive in addressing potential risks.

Our Journey to SOC 2 Type II

Achieving SOC 2 Type II compliance required planning, execution, and a company-wide commitment to security. We worked diligently to enhance our existing controls, document our processes, and ensure that every aspect of our operations met the stringent criteria set by the AICPA. The audit process was thorough, encompassing our policies, procedures, and technical systems.

As we implemented the security controls required for SOC 2, we made changes to our policies and operations to maintain the controls in compliance. Vanta has been an important tool for us to keep SOC 2 controls in check and track SLAs. For example, when an employee joins the company, Vanta tracks the required onboarding steps and monitors the security settings on the employee's computer. We also use Vanta for inventory management in the cloud, access management to tools, risk assessment and many other controls in SOC 2.

Another important control we implemented is a vendor management process, where we assess the security and compliance of the vendors we use for critical parts of our company. Just as Diagrid needs to be a trusted vendor for our customers, we also want trusted vendors in our company’s operations.

Having SOC 2 security controls in place is a result of the collective effort across the company. It reflects the high standards we set for ourselves in every aspect of our business, from product development to customer support.

What’s Next for Diagrid?

While achieving SOC 2 Type II compliance is a significant milestone, it is by no means the end of our journey. Security and compliance are ongoing processes, and we are committed to continuously improving our systems and practices. Our goal is for Diagrid to remain a trusted partner for all our customers.

Looking ahead, we will continue to prioritize security as we innovate and expand our offerings. Whether through enhancing our existing services or developing new products, our commitment to protecting our customers' data remains at the forefront of everything we do.

Our Auditors

Diagrid Inc was audited by Prescient Assurance, a leader in security and compliance attestation for B2B, SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.

Receiving our SOC 2 Type II report

Whether you are a Diagrid customer or a prospective client, you can request our SOC 2 Type II report by emailing us at support@diagrid.io.