SOC it 2 me: Jani explains SOC 2
With Robocorp's recent SOC 2 announcement, Jani Palsamäki wanted to explore what the certification really means.
September 22, 2021 – Jani Palsamäki
You may have seen that Robocorp recently completed our SOC 2 Type II certification. There’s a lot of buzz around the SOC 2 certification, not just from Robocorp, but from companies across the board. So I wanted to dig a little deeper and explore just what the SOC 2 certification means.
Just what is SOC 2?
SOC - Scottish Ornithologists' Club? Not quite. System and Organization Controls.
According to Vanta, “A SOC 2 audit is an independent, third-party assessment of your security practices, and it can be a great way to grow your business and assure larger customers of your security.”
As you may know, the SOC 2 audit comes in two flavors:
- Type I: Collect data for one day. Show you understand the necessary security procedures.
- Type II: Prove you follow those procedures over a long period of time.
Why is SOC 2 compliance important?
Everything worth doing is worth doing well. Ever since its inception, Robocorp has followed operational best practices, including for privacy and data security, and is committed to continuing to do so.
Ok, Robocorp. You talk the talk, but do you walk the walk?
Although we speak with integrity and honesty, getting additional assurance of dedication to quality from external sources does not hurt. That is why we have worked with an external auditor with the goal of hanging a shiny “SOC 2 Type II Certification” on our virtual office wall.
Also, it is really hard selling to enterprises if you haven’t paid for pieces of paper. ;-)
The certification proves that we understand the necessary security procedures and seemingly follow them consistently!
How does SOC 2 apply to Robocorp in practice?
Sure, there is quite a bit of work required on the road to compliance, but in Robocorp’s case, not many practical changes were needed due to our continuous dedication to operational best practices.
Robocorp partners, customers, and users can rest assured that their data will be handled responsibly, professionally, and with great care. Whether it’s orchestrating and managing the robots and their business data in Control Room or using the developer tools, security is always taken into consideration.
Most of the effort went into documenting and formalizing policies and training Robonauts.
Robocorp uses Vanta for active, real-time monitoring and alerts, and continues to do so after receiving the certification. Thanks to this, compliance stays in good shape continuously and does not rely solely on annual checkpoints.
How long does it take to get SOC 2 Type II certified?
It depends. In Robocorp’s case, the practices and policies were already at a good level. However, we wanted to ensure that these practices are here to stay, so all in all, it took roughly six months to go through the thorough audit performed by a third party.