At Striim we recognize the essential role that our software plays in the data architecture of our customers. Our unified real-time data integration and stream processing platform and our fully managed SaaS data products in Striim Cloud, are the vital engines that drive the data for many mission critical applications. Our customers need to trust us, and our software, to be secure and available.
Nine months ago we announced our SOC 2 Type I certification. To further this trust, we are very excited to announce that Striim has now achieved SOC 2 Type II certification.
A SOC 2 assessment report provides detailed information and assurance about an organization’s security, confidentiality, availability, processing integrity, and/or privacy controls, based on their assurance of compliance with the American Institute of Certified Public Accountants (AICPA) Trust Services Principles and Criteria for Security. A SOC 2 report is often the primary document that the security departments of our customers will rely on to assess Striim’s ability to maintain adequate security, and reviewing such documents is itself often required by SOC 2 controls.
SOC 2 compliance comes in two forms: the SOC 2 Type I report which describes the design of the controls we have in place to meet relevant trust criteria at specific point in time; and a SOC 2 Type II report which details the operational effectiveness of those controls over a specified period of time. These reports are the results of audits performed by independent third parties, in our case Grant Thornton LLP.
We completed SOC 2 Type I last year, and successfully operated the controls for a period of nine months in order to become SOC 2 Type II certified. The Controls that the audit covers include Striim as a corporation, our on-premise Platform and the Striim Cloud managed SaaS offering. They cover infrastructure, software, devices, people, data, and our corporate and customer policies, procedures and processes.
To achieve this certification, we relied on the investments we made for SOC 2 Type I certification in defining processes, policies and procedures, as well as training and utilization of technologies. Continual internal audits ensured we were meeting our goals and not straying from the many controls we have in place. This required the continual efforts of a cross functional team including contributions from executive management, security, human resources, engineering, infrastructure and legal departments.
SOC 2 is not just a certification, and it is not something you do once just to gain a check mark. The annual audits require that the controls and processes around them are ingrained into the DNA of every Striimer, and the insight gained during the process is a stepping stone to other broader and industry specific certifications.
This is just the start of our journey, so stay tuned for further exciting updates. The SOC 2 Type II report is available on request for our customers and those in the process of evaluating Striim.