After quite a bit of hard work, Keyri is now SOC 2 compliant. Some might ask, why would an early-stage company go through this process? The answer is simple in our minds. We are, first and foremost, a security company and feel adhering to the most stringent security standards is important for our customers, so it’s imperative that we adhere to those ourselves as well.
What is SOC 2 Compliance?
SOC 2 specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report is tailored to the unique needs of each organization. Depending on its specific business practices, each organization can design controls that follow one or more principles of trust. These internal reports provide organizations and their regulators, business partners, and suppliers with important information about how the organization manages its data. Getting compliant is a big step for us for a few reasons.
Getting Compliant Early in Our Journey
We started SOC 2 preparation prior to hiring our first employee, which is undoubtedly early for most companies, but we wanted to ensure we were instilling best practices from day one. Following through with certification demonstrates our commitment to best practices as we continue to scale.
For those of you who are reading this post and thinking about SOC 2 compliance, it’s also significantly easier to achieve compliance with fewer employees; as we all know, implementing policies and procedures from scratch only becomes more difficult with scale.
Meeting Standards Expected by Large Organizations
Keyri’s QR infrastructure products have proven to be applicable for companies of all sizes, from newly created businesses to scaled enterprises. Of course, compliance expectations differ greatly from org to org based on needs and size. As Keyri continues to work hands-on with enterprises, we feel it’s important to make sure we check all the boxes necessary for these companies. SOC 2 compliance represents the final step in the enterprise customer checklist and will enable us to work with many more large organizations without forcing them to create exceptions in their process.
Offering Peace of Mind
We strive for best practices in everything we do at Keyri throughout all lines of our organization. With that being said, it’s incredibly helpful to get an outside opinion on those practices. Becoming SOC 2 compliant confirms our adherence to certain important criteria and gives us further peace of mind that we are on the right track going forward.
A Thank You to Our SOC 2 Support Teams
We partnered with Vanta, the leader in continuous compliance monitoring, to help us automate the collection of our audit evidence. Vanta provides us with the strongest security foundation to protect our customer data. We also partnered with Johanson Group for our SOC 2 audit and Cobalt for our pentest. I can’t say enough good things about our partners and highly recommend them if you’re looking to get SOC 2 compliant in the future.
Want to Learn More?
If you’re interested in working with Keyri, a SOC 2 compliant company, you can get started with us by signing up here. Just want to chat or have any questions? Email me at firstname.lastname@example.org or email@example.com.