Ionic is proud to announce that we have completed our SOC 2 examination and are SOC 2 Type I compliant. This is the latest achievement in our ongoing commitment to industry-leading security for our users and customers. Receiving a compliant SOC 2 report means that Ionic is securely managing third-party data to protect information and ensure privacy for customers of Appflow, our mobile CI/CD solution.
What is SOC 2
System and Organization Controls (SOC) 2 is a standard established by the American Institute of Certified Public Accountants (AICPA) to test an organization’s controls for information security and privacy. It is the industry standard for companies and products that use the cloud to store data. In addition to validating strong processes to protect against data breaches and security incidents, SOC 2 is required by many enterprises evaluating vendors and tools like Ionic.
A SOC 2 Type I audit specifically tests the design of a compliance program and compliance at a point in time. This involves defining and documenting security controls and providing evidence that controls are functioning properly. A SOC 2 audit must be completed by a CPA firm.
By pursuing and achieving SOC 2 Type I compliance, Ionic is in line with top organizations in the industry and has demonstrated a commitment to security. Appflow customers can rest assured that we have completed a critical step in establishing and ensuring safety controls.
The Road to SOC 2
Choosing a vendor to complete the SOC 2 examination process is a critical decision. Ionic has partnered with Laika, a leading compliance platform that provides end-to-end support, so that we have a trusted partner every step of the way. Working with Laika, Ionic completed a thorough review of our systems, controls, policies, and vendors, as well as testing and auditing to ensure compliance with the standards set forth by the AICPA.
Completing the SOC 2 examination is a rigorous process that audits against five Trust Services criteria:
A complete review of the entire architecture and data flow of Appflow’s systems was conducted. This includes how data is managed and stored, as well as any third-party vendors or services used. The review included documentation, testing, and any recommended revisions to ensure security.
Another aspect of completing the examination is the documentation of all policies related to security and privacy. This means defining dozens of policies across 15+ compliance categories, as well as providing evidence that these policies are enforced.
Ionic also submitted to an audit of its development processes, including access controls; change management; incident response; observability factors like monitoring, error reporting, and alerts; and data retention and disposal procedures.
Ionic + Security
Appflow takes a number of steps to ensure the safety and security of our customer data. We document our protocols across various security areas on our Appflow Trust page. These include:
We know that your users trust you with their data, and in turn you trust us.
Ionic’s focus on security also includes providing security solutions that ensure the safety of your mobile applications and data, including Auth Connect, Identity Vault, and Secure Storage.
SOC 2 Type II compliance, which requires an ongoing observation window of 6-12 months, is the next step. We will continue to make security a top priority and provide updates as we make progress toward Type II compliance.
For more details, the SOC 2 Type I report is available by request. Contact your Customer Success
The post Ionic Achieves SOC 2® Type 1 compliance appeared first on Ionic Blog.