Opal has officially obtained its SOC-2 report! This is a huge milestone for the company and demonstrates our commitment to securing customer data.

Fun fact: We used our own product to make this process significantly easier. Here’s how:

1. SOC-2 requires you to review all indefinite access regularly. Using Opal, we were able to set short-lived and dynamic access for all critical infrastructure. This dramatically reduced the number of permissions we needed to audit!

2. For our ongoing audits, we used our built-in auditing capabilities to launch audits across the company, contact resource owners to review memberships, and created a report that can be exported to our auditors.

Huge shoutout to our friends at Drata and The Cadence Group for helping us out with our SOC-2 audits. Also - we want to thank Doyensec for our penetration testing!

To learn more - please contact us at hello@opal.dev or visit our website: https://opal.dev/