Company
Dec 7, 2021

Our Commitment to Security: We are SOC 2 Type 2 Certified!

Learn more about what SOC 2 means for us and the security of our customers.

Stephen Cobbe
CEO & Co-Founder

As a company that puts security first for our customers, getting SOC 2 Certified was a no-brainer. In April 2022, we got SOC 2 Type I certified, and to show we're continually growing along with our customers, we've been working toward and finally achieved SOC 2 status!

What is SOC 2 and what does it stand for?

SOC 2 stands for System and Organization Controls (SOC). It's an independent, third-party assessment of an organization's security practices. Types I and II of SOC 2 demonstrate different levels of proven security standards.

Is SOC 2 Type II better than Type I?

According to Vanta, the biggest difference between Type I and Type II certification is moving from simply understanding good security practices to proving consistent commitment to security. It's like getting compliments on a first date vs. getting a dedicated date night every week for years. You've moved from empty niceties to commitment.

For us, we're excited to show the results of our commitment to security. We know it matters to our customers, so it matters to us!

Why does it really matter to have SOC 2 Type II certification?

A SOC 2 is considered one of the most rigorous reports that exist to date, so any business that's gone to the lengths of completing one is serious about security. Beyond that, it also shows the business has the right standards in place for the future as well.

You can rest assured the data you share with Opal not only meets the AICPA* standards for security but has a solid foundation for years to come.

Have questions about our SOC 2 report or what it means for you? Shoot us a message at hello@opal.dev! Learn more about our dedication to security.

*Opal's SOC 2 Type 2 Report covers the AICPA’s Trust Services Principle and Criteria of Security. The report also includes a mapping of the controls tested to ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security.

Stephen Cobbe

Updates + insights about the future of access management