In December Fibery received SOC 2 Type II certification. It took us 8 months and serious effort from some developers and security experts to complete this task.
We started in March and were frustrated trying to select a partner that would help us get the SOC 2 certificate, but many people recommended Vanta, so we went with Vanta and never regretted the choice. Vanta made the process much easier with automated reports about missing things we should fix/improve/add. Johanson Group LLP helped us with the certification process, and the collaboration was smooth.
What is SOC 2?
SOC 2 Type II is a report produced by an independent auditing firm. It demonstrates that a company has the right controls in place to secure sensitive data such as personal and financial information. The report is based on the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria, and it is intended to give assurance to customers, regulators, and other stakeholders that the service organization has implemented and maintains appropriate controls to protect sensitive data.
Why did we decide to get a SOC 2 certificate?
Any sane company wants to make sure that its data is secure. While we put serious effort into security, there is no good way to indicate that Fibery is secure enough. Certification is the only solid way to make sure that Fibery meets all major security, availability, and privacy practices.
In fact, for any large company, the lack of a certificate was a showstopper, so we finally removed this barrier to Fibery adoption.
Random lessons for your SOC 2 certification process
- Use Vanta.
- Have a dedicated developer in the team who will lead all development-related things.
- Split work, don’t do everything alone.
- Be patient. It takes 6+ months at least.
- Be ready to spend around $40K, 300 hours of your developers’ time, and 150 hours to nail all the documents.
- Start with the documentation and the insurance agreement; don’t leave them for the end, as they take a lot of time.
Are we happy?
Yes, we are! It was the longest activity on our roadmap and it is done, finally. We are inviting larger companies to try and enjoy Fibery.
P.S. If you need a copy of the Fibery SOC 2 Type II certificate, write to firstname.lastname@example.org.