We are thrilled to announce the successful completion of our System and Organization Controls (SOC) 2 Type 2 audit, conducted by A-LIGN, with no major findings identified. You can access the report upon request at our Support Portal.
This milestone comes as a follow-up to our previously announced SOC 2 Type 1 audit back in April 2023. To provide a brief distinction, the Type 1 audit shows that our security processes and operations are well-established, while the Type 2 audit confirms that we consistently adhere to these practices on a day-to-day basis. While the concept is simple to explain, continuous adherence to security practices can be quite complicated and requires a company-wide commitment to cyber security.
How does this benefit our customers?
The completion of this audit does not bring about any immediate changes to our daily business operations or the functioning of the Manychat platform. What it does accomplish is the verification that our processes, security and infrastructure systems, both in their documentation and execution, effectively support the protection of customers' data.
Practically speaking, our employees adhere to multi-factor authentication (MFA), have need-to-know and least-privilege access to specific systems, and undergo periodic access reviews to ensure that only authorized individuals have appropriate access for legitimate reasons. We maintain thorough vulnerability and patch management processes. We enforce code reviews and pull requests before merging any code, along with automated deployment procedures. These practices not only ensure consistency but also minimize external interference and prevent many common errors. Additionally, our logging and notification systems are in place to promptly detect and alert us to any suspicious activities that require our attention. For a comprehensive overview of all our security and compliance controls, please refer to our SOC 2 Type 2 report.
Fundamentally, the principles behind SOC 2 Type 2 controls serve as sound guidelines for designing and operating systems in general. This audit affirms that our operational practices align with these fundamental principles.
What’s on the horizon?
Obtaining the SOC 2 Type 2 report alongside our ISO/IEC 27001 certification is a significant achievement. We now have a robust foundation for pursuing other compliance certifications and audits, and our roadmap will be influenced by the specific needs of our customers. If you require compliance with ISO/IEC 27701, GDPR-CARPA, NIST CSF, or any other specific certifications, please don't hesitate to reach out to us through the Support Portal.