What is SOC 2 Type 2 and Why is it Important?

Alex McConnell
Alex McConnell
28/06/24
2 Minute read
SOC 2 banner image

Article Contents

    Netacea is proud to announce that one year on from originally completing SOC 2 Type 2 compliance, we have successfully passed our latest audit. This is an accolade we take pride in as it further demonstrates our ongoing commitment to data security and protecting our customers.

    What is SOC 2 and why is it important?

    SOC 2 (Systems and Organization Controls 2) is an external report on a service organization’s controls for managing customer data in line with standards set by the American Institute of CPAs (AICPA).

    Netacea underwent a third-party audit with an accredited external firm to evaluate our infrastructure, software, processes, and policies for managing customer data based on four trust service principles, all of which we see as essential to delivering safe cybersecurity services:

    • Security
    • Availability
    • Confidentiality
    • Privacy

    The audit examined our organization holistically to scrutinize all our processes and controls in depth. Within this scope, the report details our processes for security policies, vulnerability, risk, change management and the software development lifecycle; as well as our security incident response management, access controls, data backup and disaster recovery strategies, system monitoring, and encryption protocols.

    Why is SOC 2 compliance imperative for Netacea?

    Our mission at Netacea is to defend our clients against malicious traffic, such as bots carrying out attacks like web scraping, credential stuffingfake account creation and scalping. To deliver the most accurate results in the bot management space, we analyze every single request made to our clients’ servers, meaning we process and store trillions of requests annually.

    While we never store any personally identifiable information about visitors to our customers’ web estates, they rightly want to be assured that any data we collect from them or on their behalf is handled properly and always kept secure.

    The security of customer data is something we consider to be the upmost priority at Netacea. Working closely with clients to best serve their business needs means building trust. Obtaining SOC 2 Type 2 compliance is a validation of our security strategy and program of work and assures our customers that the security, availability, confidentiality, and privacy of their data is protected.

    SOC 2 Type 1 vs SOC 2 Type 2

    Maintaining SOC 2 Type 2 compliance builds on our SOC 2 Type 1 accreditation achieved several years ago – but what’s the difference, and why did we aim for Type 2 on top of achieving Type 1?

    Whilst SOC 2 Type 1 assesses a business’s data security practices, operations and processes for a given point in time, SOC 2 Type 2 goes further by assessing these factors over a prolonged period.

    This allows the audit to measure the effectiveness of the systems put in place, as well as whether they are designed to meet relevant trust principles. SOC 2 Type 2 evidences how data security is managed on top of how processes have been set up and considered – Think of it as an assessment of the plan in action.

    Also in line with last year’s SOC Type 1 audit, this report went into detail on our processes for our software development lifecycle, vulnerability, risk, change management and security policies, plus our encryption protocols, security incident response management, disaster recovery strategies, access controls, data backup, and system monitoring.

    An achievement to be proud of

    “We’re extremely pleased to have passed our latest SOC 2 Type 2 audit with flying colors,” said Andy Ash, Netacea CISO. “The audit process was completed without complication, which speaks to the hard work the whole team has put in to ensure the security of all of our data at all times, above and beyond the expected standards.”

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.
    Book

    Related Blogs

    Price Scraping: How Does it Work and Who is at Risk?
    Blog
    Alex McConnell
    |
    19/11/24

    Ask the Experts: Black Friday Bot Attacks

    Get expert insights on the growing threat of Black Friday bot attacks and what retailers can do to stay one step ahead.
    Shopping trolley
    Blog
    Alex McConnell
    |
    14/11/24

    Evolution of Scalper Bots Part 5: The Rise of Retail Scalping

    Delve into the professionalization of scalper bots and the challenges in anti-bot legislation in our insightful blog post.
    Person hiding behind Google logo
    Blog
    Alex McConnell
    |
    13/11/24

    How Bot Expertise Stopped the Google Translate Bot Proxy Technique

    The Netacea data science team reveals a new attack technique: web scrapers using Google Translate as a proxy. Learn how to detect and protect against this evolving bot threat.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats

    Book a Demo

    Address(Required)
    Privacy Policy(Required)