codefortynine achieved SOC 2 Type II compliance:

Get ready for some exciting news! We’re thrilled to announce that codefortynine has achieved an important milestone, our first security certification, by successfully completing the SOC 2 Type II certification. This achievement underscores our commitment to ensuring the safety and integrity of our customers’ data. Join us as we delve into the world of SOC 2 compliance and explore how our success in the security audit sets us apart in the competitive Atlassian Marketplace.


Understanding SOC 2 and the Security Factor:

SOC 2, or Service Organization Control 2, serves as a gold standard for assessing how organizations handle critical aspects such as security, availability, processing integrity, confidentiality, and privacy of customer data. It’s all about creating an impregnable fortress to protect valuable information. At codefortynine, we recognized the importance of security and compliance from the get-go, solidifying our dedication to safeguarding our customers’ data.

Behind the Scenes of the SOC 2 Audit:

The SOC 2 security audit was no small feat for us at codefortynine. Even before we decided to start with the process of getting the certification, we had to overcome serious concerns in the company. With a tight-knit group of seven employees and a company culture based on trust, we had worries that adopting the necessary policies for a SOC 2 certification would turn codefortynine into something different. In the absence of knowledge about the process, there was a lot of room to imagine codefortynine’s future as some kind of corporate hellscape where compliance bureaucracy would make work slow and painful and performance metrics would replace honest feedback. We prioritized transparency, holding several meetings to address questions about the entire process and give the whole team the possibility to be involved. We managed to resolve any serious concerns about changes at the company and are proud that we were able to harmonize the necessary controls and security for SOC 2 with our open and trust-based company culture.

To navigate the intricate world of compliance, we partnered with Vanta, a leading compliance platform, and enlisted the support of the auditors at Prescient Assurance. Vanta proved invaluable, offering integrations with our tool chain and automating the evidence gathering of policies, infrastructure monitoring and security best practices like MFA and SSO. Armed with a comprehensive checklist and progress bar, which is great for motivation and staying on the ball, we swiftly implemented changes, including adopting a mobile device management solution, enhancing our security infrastructure, implementing asset management practices, and formalizing our code review process.

Our journey to SOC 2 Certification

SOC2 Certification Process Timeline. Starts in October 2022 and ends with certification in August 2023.

Image credits: Compilation of graphics by upklyak on Freepik

Perks of Nailing the Audit:

  1. Reinforced Security: By successfully completing the SOC 2 security audit, we have taken our security measures to a whole new level. Valuable insights and recommendations from the audit have enabled us to strengthen our systems, ensuring they are robust and resilient against potential threats. We have implemented multi-factor authentication (MFA) and/or single sign-on (SSO) on all critical systems, providing an additional layer of protection. Furthermore, we upgraded our office Wi-Fi network to WPA2 Enterprise with intrusion detection, enhancing the security of our network infrastructure. To support remote workers, we established a modern WireGuard VPN, enabling them to benefit from these comprehensive security upgrades. By formalizing policies and cementing established best practices, we ensure that stringent security standards are upheld even as our company continues to grow.

  2. Trust and Credibility: The SOC 2 security certification sends a clear message to you, our customer: your data is in safe hands! This achievement builds trust, boosts confidence, and establishes codefortynine as a reliable and security-conscious partner. You can rest assured that your sensitive information is handled with the utmost care and diligence.

  3. Surpassing Competitors: In the competitive tech landscape, security is a paramount concern for businesses. Our SOC 2 security certification sets us apart from the competition, giving us a distinct advantage. Customers seeking a secure and trustworthy technology partner will gravitate towards codefortynine, knowing that we prioritize data protection and adhere to the highest security standards.

  4. Springboard for Future Audits: Our success in the SOC 2 audit serves as a solid foundation for future endeavors. Moreover, our achievement paves the way for pursuing additional certifications like the prestigious ISO 27001, opening up new avenues of growth and credibility.

Conclusion:

codefortynine’s successful completion of the SOC 2 Type II audit underscores our dedication to data security and compliance. While we aren’t the first on the Atlassian Marketplace starting the compliance journey – a shoutout to Raimonds and the eazyBI team, who made the same journey a bit earlier and whose blog post motivated us to renew our focus on SOC 2 – we are early in the compliance game and have positioned ourselves as trustworthy partners and security advocates within the Atlassian Marketplace. Our speed was also aided by the candid advice of fellow security enthusiasts in the Atlassian Marketplace. Andreas from yasoon was willing to share their experience in their ongoing journey to ISO 27001, and we are happy to hear that they recently successfully finished their ISO 27001 audit.

You can download our SOC 2 report and follow our compliance journey on our new trust report page.
