CoLab Achieves a Clean SOC 2® Type 1 Report: What That Means and Why it Matters

Keeping customer data secure and protected is important for any software company, but for CoLab it’s absolutely mission-critical. We serve engineering teams and large organizations where IP security is paramount. Because we’ve known that since day one, security has always been an immovable pillar in everything we do to build and grow CoLab.

In fact, we often use the phrase “security as a solution” to describe our philosophy. Some teams might be fine with treating security standards as just another box to be checked off, but that’s never been the way we do things at CoLab. With our security-first approach to product development and infrastructure design, CoLab is built to the highest standards of security and data protection—and always will be.

That’s why we’re proud to announce that CoLab has officially received a clean SOC 2® type 1 audit report with zero findings.

So what does that mean? And why does it matter to anyone outside CoLab? Read on to find out!

‍

What is SOC 2?

The SOC 2 framework is part of the System and Organization Controls (SOC) suite of services laid out by the American Institute of Certified Public Accountants (AICPA). Designed for service organizations, including cloud-based SaaS companies like CoLab, it provides criteria for the controls and systems used to protect corporate and customer data. This allows organizations to build strong security programs by following the SOC 2 framework—but it also offers assurance to anyone outside the organization that the security standards in place have been vetted and verified.

To meet SOC 2 requirements, organizations must undergo an external audit and receive a clean audit report.

There are two types of SOC 2 reports:

• Type 1: A report on management’s description of a service organization’s system and the suitability of the design of controls.
• Type 2: A report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

Essentially, a SOC 2 type 1 audit confirms that an organization’s security program meets the SOC 2 standards; a SOC 2 type 2 audit confirms that an organization is upholding those standards on an ongoing basis. SOC 2 type 2 reports are typically only valid for up to 12 months. To maintain SOC 2 status, a fresh audit and report is required each year.

Why CoLab cares about SOC 2

Pursuing the requirements for SOC 2 is not a small undertaking. So why did CoLab make it a priority? Simply put: we did it for our customers.

CoLab’s mission is to accelerate the pace of engineering innovation. We can’t do that unless we make it easy for engineering teams to trust us with their sensitive IP and vital information. Data security is important to any business, but it’s particularly crucial for the large engineering organizations we serve.

As an industry-recognized security framework, achieving the SOC 2 requirements gives our customers (and future customers) peace of mind. Since the SOC 2 audit process is conducted by a third-party accounting firm, our verified SOC 2 type 1 report lets customers feel confident that all the right security controls and features are in place to proactively keep their data safe.

The value of SOC 2 

While this is indeed a milestone achievement for CoLab, it’s also great news for our customers and potential future customers. Some organizations have specific security requirements around SOC 2 reports. But even beyond that, working with vendors who are SOC 2 compliant offers significant value.

When you choose a vendor who meets SOC 2 requirements, you gain the benefit of:

Industry-recognized security standards

• AICPA is an organization with long-established credibility. Since SOC 2 reports were introduced by AICPA more than 10 years ago, they’ve become a highly trusted tool for evaluating the state of a company’s security.

Independent verification through an external audit

• A SOC 2 audit report includes detailed information about the company’s controls and protocols, all of which has been externally validated through an extensive audit process conducted by a credentialed third party.

Ease of doing business

• Without a SOC 2 report, it takes more time and effort to assess a new vendor for security risks—whereas companies with a clean SOC 2 report are able to quickly provide detailed, verified security information for you (or your security team).

Companies that take the initiative to pursue SOC 2 are also sending a clear message about the importance they place on cybersecurity, information protection, and privacy. It’s a voluntary process that requires a significant commitment to achieve, and also to maintain. So when you’re doing business with a vendor who has a completed SOC 2 audit report, you can feel confident they take your security concerns as seriously as you do.

What’s next?

Our completed SOC 2 type 1 audit report is only the beginning for CoLab. While we’re thrilled to achieve this milestone, we’re already working diligently to prepare for our next steps!

We’re on track to achieve our SOC 2 type 2 audit report by the end of 2022.

Furthermore, CoLab is also registered in the Government of Canada’s Controlled Goods Program (CGP) and we’re actively working towards CMMC/ITAR readiness (mid 2024).

‍

‍

‍To learn more about CoLab's robust security program, visit our Security page.