Our customers trust us with their most sensitive conversations: the conversations they have with their customers. We take that responsibility seriously, and spend a lot of time thinking carefully about how we build and operate Abbot.
In the past, companies had to take vendors at their word about their security practices. Many hours have been spent filling out long security questionnaires about secure development practices and data protection with the hopes of assessing the company's processes.
The SOC 2 audit process helps reduce that need. It was designed to accomplish two things: ensure companies have adequate controls around data protection and software development, and make sure those controls are complied with in an auditable way. SOC 2 compliance helps companies quickly understand that the vendor has some established best practices in place and being followed.
Setting up those controls and processes can take a long time, but we made it a priority to establish them early. While we’re a small company and believe in the power of shipping quickly, getting controls in place early helped us get used to shipping this way. Fortunately, Vanta made it pretty easy for us—many of our tests and controls are automated. The Type II report is the result of auditors verifying that we had controls in place and used them. Going forward, we’ll go through this audit process every year to ensure our compliance remains.
If you’re one of our customers and want to chat about our SOC 2 or you’re thinking about it for your company, don’t hesitate to email us at firstname.lastname@example.org. We’re always glad to share!