Announcing SOC 2 Type I Certification for Scalr

We are pleased to announce that Scalr is officially SOC 2 Type 1 certified. 

A copy of Scalr’s SOC 2 Type 1 certification report is available to current and potential users under NDA upon request.

What is SOC 2 Type I? 

A SOC 2 Type I certification is performed by an independent third-party auditor. It certifies that a service provider such as Scalr has implemented all the necessary controls to securely manage customer data at a specific point in time. 

Scalr has been evaluated according to the 5 trust service principles defined by the AICPA (American Institute of Certified Public Accountants):

• Security: is Scalr protected against unauthorized access?
• Availability: is Scalr able to deliver on its SLA?
• Processing integrity: is the Scalr service properly designed not to produce data processing errors?
• Confidentiality: is the data processed by Scalr only accessible by a limited number of authorized individuals?
• Privacy: is Scalr protecting customers’ personal data?

Why does SOC 2 Type I matter?

The security of our customers' data and the reliability of the Scalr service is at the core of everything we do. Our product, security and engineering teams have designed the Scalr system to securely operate at scale for the most critical and demanding use cases.

Some of the world’s most security-obsessed organizations are trusting Scalr to govern their mission-critical Terraform deployments, from up and coming FinTech to worldwide retail brands and US government agencies. 

The SOC 2 Type I certification report enables anyone to assess the level of security and reliability of a service provider faster. Our Type I certification is one of the many components of the security framework we’re operating with, and we’re happy to provide our community a high level of confidence in our own security practices. 

We’re continuously monitoring and improving our security posture, and for more information about Scalr’s security practices, please visit www.scalr.com/system-description

Our next milestone: SOC 2 Type II

Now that we’ve achieved the Type I certification, we’re focused on our next milestone: achieving SOC 2 Type II compliance. 

The Type II report will validate the effectiveness of the controls that have been implemented for the Type I audit over a duration of 6 months instead of a specific point in time. 

Stay tuned for our next SOC 2 Type II blog post!