Netacea Completes SOC 2 Type 2 Compliance

Netacea is proud to announce that six months on from completing SOC 2 Type 1 compliance, we can now confirm SOC 2 Type 2 compliance as well, further demonstrating our commitment to data security and protecting our customers.

SOC 2 is comprised of an independent audit carried out by an external agency who produce a report into how securely an organization handles sensitive information, such as personal data.

Why is SOC 2 compliance imperative for Netacea?

Our mission at Netacea is to defend our clients against malicious traffic, such as bots carrying out attacks likweb scrapingcredential stuffing, fake account creation and scalping. To deliver the most accurate results in the bot management space, we analyze every single request made to our clients’ servers, meaning we process and store trillions of requests annually.

While we never store any personally identifiable information about visitors to our customers’ web estates, they rightly want to be assured that any data we collect from them or on their behalf is handled properly and always kept secure.

The security of customer data is something we consider to be the upmost priority at Netacea. Working closely with clients to best serve their business needs means building trust. Obtaining SOC 2 Type 2 compliance is a validation of our security strategy and program of work.

SOC 2 Type 1 vs SOC 2 Type 2

Achieving SOC 2 Type 2 compliance builds on our SOC 2 Type 1 accreditation achieved last year – but what’s the difference, and why did we aim for Type 2 on top of achieving Type 1?

Whilst SOC 2 Type 1 assesses a business’s data security practices, operations and processes for a given point in time, SOC 2 Type 2 goes further by assessing these factors over a prolonged period.

This allows the audit to measure the effectiveness of the systems put in place, as well as whether they are designed to meet relevant trust principles. SOC 2 Type 2 evidences how data security is managed on top of how processes have been set up and considered – Think of it as an assessment of the plan in action.

As with our SOC 2 Type 1 audit, the third-party assessment focused on four key areas:

• Security
• Availability
• Confidentiality
• Privacy

Also in line with last year’s SOC Type 1 audit, this report went into detail on our processes for our software development lifecycle, vulnerability, risk, change management and security policies, plus our encryption protocols, security incident response management, disaster recovery strategies, access controls, data backup, and system monitoring.

An achievement to be proud of

“We’re extremely pleased to have passed our SOC 2 Type 2 audit with flying colors,” said Andy Ash, Netacea CISO. “The audit process was completed without complication, which speaks to the hard work the whole team has put in to ensure the security of all of our data at all times, above and beyond the expected standards.”