Datafold is SOC 2 compliant - What it means for you

Blog post from Datafold

Post Details
Company: Datafold
Date Published:
Author: Gerard Toonstra
Word Count: 1,593
Language: English
Hacker News Points: -
Summary

After joining Datafold, the author was tasked by CEO Gleb with pursuing SOC 2 compliance to demonstrate the company's commitment to data security and integrity. SOC 2, created by the AICPA, is a security audit that evaluates an organization's data protection controls. Datafold achieved SOC 2 Type 1 compliance, which assesses security practices at a specific time, and aims to achieve Type 2 compliance, requiring a longer evaluation period. The process involved revising policies, using tools like Vanta for guidance, and working with auditors to ensure controls were effective and auditable. The author learned the importance of aligning policies with business risk rather than making them overly strict. During the audit, clear documentation and cooperation with auditors were crucial. Datafold plans to pursue further compliance initiatives, continue improving security policies, and invest in training as the company grows.