Rockset Is Now SOC 2 Sort II Compliant

The Rockset staff is proud to announce that we’ve got been accredited as SOC 2 Sort II compliant. Our prospects entrust Rockset with their information, and now they’ve rigorous, unbiased assurance that we shield it by following safety greatest practices.

What’s SOC 2 Sort II?

SOC is one among a number of System and Group Controls audits developed by the American Institute of CPAs (AICPA), the world’s largest member affiliation of accountants. Every SOC check evaluates the validity of a enterprise or service supplier’s safety controls and the operational effectiveness of their methods.

SOC exams differ considerably, nevertheless. In accordance with Forbes journal, SOC 2 “is probably the most thorough and broadly valued of the three SOC reviews,” and the Sort II accreditation requires “a much more in-depth evaluate” of our information safety protocols than the Sort I. And MPA (Mortgage Skilled America) journal calls SOC 2 Sort II “among the many most coveted and exhausting to acquire information-security certifications.”

By reaching SOC 2 Sort II compliance, Rockset was capable of display that our info safety and information insurance policies, procedures, and practices will shield our buyer’s information. It exhibits that we’ve taken the right steps to make sure that information is safe.

Scope

What was included within the audit? At a excessive stage, Rockset was assessed on the themes of Safety, Confidentiality and Availability for the technical infrastructure and firm processes required to provide and help our SaaS service.

• Change administration:
  Updates to the infrastructure, utility, UI and API are linked to documented necessities, and merging of latest code requires peer evaluate.
• Secrets and techniques administration:
  Encryption keys, passwords and different secrets and techniques are saved securely in access-controlled vaults with permission granted solely on a necessity foundation.
• Metrics-based alerting:
  Operational efficiency information feeds into real-time dashboards and alerting methods.
• Safety monitoring:
  Alerts are despatched to the safety staff on a spread of occasions, together with uncommon outbound connections, anomalous authentication occasions, and suspicious server processes.
• Hiring, onboarding and off-boarding processes:
  The Individuals Staff ensures the abilities and skills of latest hires match the necessities of every open place, conducts screenings throughout the hiring course of, requests acceptable accesses primarily based on function, and ensure these accesses are eliminated when personnel depart the corporate.
• Entry controls:
  Entry is granted to firm sources primarily based on function, and are reviewed on an ongoing foundation.
• Vulnerability administration:
  Rockset conducts common Third-party penetration exams and receives vulnerability reviews from unbiased safety researchers on an ongoing foundation. Safety bugs are remediated by precedence and tracked to decision.

What Does This Imply for You?

For enterprises trying to carry on third-party service suppliers, Rockset’s SOC 2 Sort II compliance signifies a stage of course of maturity that minimizes danger and focuses on the safety of buyer information.

Rockset’s SOC 2 Sort II compliance implies that our danger mitigation contains the event of deliberate insurance policies, procedures, communications and different processing options to answer and get well from any enterprise disruption. With this dedication, Rockset is ready to make sure the influence of any potential danger to our prospects is minimized.

If you wish to be taught extra about what SOC 2 Sort II accreditation means for you, try this complete listing from InfoSecurity Journal.

Our Dedication to Your Information’s Safety and Privateness

Earlier than we even based Rockset, we knew that safety and compliance could be entrance and middle when it got here to constructing our information observability platform structure. Actually, safety runs in our DNA. A number of of us hail from cybersecurity suppliers like Palo Alto Networks and/or have cybersecurity certifications.

What’s Subsequent?

With SOC 2 Sort II, there isn’t a “resting in your laurels.” It’s an ongoing dedication. We’re consistently striving to exceed the requirements, and frequently enhance our safety posture.

When you have questions on Rockset’s SOC 2 Sort II compliance, attain out to our staff at safety@rockset.com. To be taught extra about Rockset’s Safety Design, please go to: https://rockset.com/whitepapers/rockset-security-design

About Martin Englund

Martin Englund is the Info Safety Officer at Rockset and member of the Web site Reliability Engineering staff. He holds a CISSP certification and lives by the motto “The query is not when you’re paranoid, it’s if you’re paranoid sufficient”.

Martin has over twenty 5 years of expertise in safety and automation, and has contributed to quite a few open supply DevOps instruments. Previous to his present function, he has labored as Web site Reliability Engineer at Palo Alto Networks and Manufacturing Engineer at Fb.

Earlier than switching fields to Web site Reliability Engineering, he was a Principal Safety Engineer at Solar Microsystems, the place he spent over fifteen years in varied safety roles all through the corporate, co-authored the Solaris Safety Necessities e-book, and authored a safety patent.