Zephyr Cloud is now SOC 2 Compliant
After months of hard work, we are pleased to share that Zephyr Cloud is now SOC 2 compliant. This work was shared across our entire team, but special thanks go to our co-founder and CTO Dmitriy for all the late nights writing system descriptions, and to Sika, Spencer, Sergey, Vika and the rest of the Zephyr Cloud team for getting everything put into Vanta and making sure we keep everything up to date.
What is SOC 2 Compliance
SOC 2 specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy. A SOC 2 report is tailored to the unique needs of each organization. Depending on its specific business practices, each organization can design controls that follow one or more principles of trust. These internal reports provide organizations and their regulators, business partners, and suppliers, with important information about how the organization manages its data. Getting compliant is a big step for us for a few reasons.
Why Getting Compliance Matters
We are proud that organizations and teams of all sizes work with Zephyr Cloud. Given that some of these organizations are in areas that require heavy regulation and compliance, this is a core requirement in order to go to production.
We view security, integrity and confidentiality as core tenets of our business. Following through with certification demonstrates our commitment to best practices as we continue to scale.
Trust But Verify
Compliance expectations differ greatly from organization to organization. By achieving SOC 2, we go beyond the level of "just trust us, we're secure" and have our practices verified by industry leaders.
A Thank You to Our SOC 2 Support Teams
We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our compliance evidence. We also worked with the team at BARR Advisory for our third-party audit. Both of these vendors made a complex process bearable and the teams were friendly and professional. They weren't our cheapest options, but they were recommended to us and we couldn't be happier with the result.
What's Next
Getting compliant is just the beginning. Continued compliance is the real commitment.
We are also working on putting our self-hosting compliance together for those that require it. More to come later.
Thank you for using Zephyr Cloud. We build it because we want to help create better software.
Stay connected by following us on X and LinkedIn.

