
Celebrating Milestones: SOC 2 Type 2 Compliance

Achieving SOC2 Type 2


We have some exciting news on the security front: this month we successfully completed our SOC 2 Type 2 audit, following closely on the heels of our Type 1 audit in June. This accomplishment underscores our commitment to staying at the forefront of security standards.

This article details our path to a successful SOC 2 Type 2 report (Trust Services Criteria in scope: Security, Availability, and Confidentiality), provides insights into the process, and outlines our future plans.

Understanding SOC 2 Compliance

SOC 2, or System and Organization Controls 2, is an AICPA-developed attestation framework for reporting on a service organization's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A Type 1 report assesses whether controls are suitably designed at a point in time; a Type 2 report additionally tests that those controls operated effectively over an observation period, which is why Type 2 is the more demanding of the two.

Our security program prioritizes protecting systems against unauthorized access, preserving data privacy, and safeguarding sensitive information. That commitment extends to demonstrating robust internal controls and giving our customers assurance about how their data is handled. By incorporating industry best practices, we hold ourselves to a high standard for secure data management.

SOC 2 compliance is crucial for several reasons. It builds trust with customers, is often a prerequisite for partnerships and enterprise procurement, and demonstrates a strong dedication to data security. It also provides organizations with a competitive edge by evidencing their commitment to high security standards. SOC 2 is not itself a law or regulation, but the controls and audit evidence behind it support a business's broader data-protection and contractual obligations.

For developers, Neon's SOC 2 compliance shows that we have put measures in place to secure our systems and your customers' data. It means our development process, infrastructure, and system architecture have been evaluated thoroughly by an independent auditor against industry-recognized security and compliance standards. For those who use our services, SOC 2 provides assurance that their data is hosted and managed within a secure environment: Neon follows strict protocols and protects sensitive customer data from unauthorized access while ensuring data integrity, confidentiality, and availability.

Neon’s Journey to Compliance

Our journey toward SOC 2 compliance was a detailed, months-long process. We started by closely examining our existing security measures against the SOC 2 criteria and remediating any gaps we found. We then updated our internal policies to match those criteria, implementing stronger incident management, disaster recovery, vulnerability management, logging and monitoring, vendor management, risk assessment, and access controls. In implementing these changes we went beyond what SOC 2 strictly requires, improving Neon's overall security posture. The journey concluded with an audit by a third-party audit firm, which confirmed that our controls were both suitably designed and operating effectively over the audit period. This process not only achieved compliance but also showcased our commitment to making Neon more secure.

Explore our path to SOC 2 Type 1 compliance on our blog: https://neon.tech/blog/soc2-type-1

Next Steps

Looking ahead, in addition to maintaining our SOC 2 compliance, we will be working toward ISO/IEC 27001 (information security management) and ISO/IEC 27701 (privacy information management) certifications in 2024. These internationally recognized standards showcase our commitment to top-tier information security and privacy management. Achieving these certifications not only builds trust with our customers but also demonstrates our dedication to meeting the highest global standards. Stay tuned for updates on our journey toward security excellence.