Sturdy announces SOC 2 Type II security compliance certification

Joel Passen
July 11, 2022
6 Min Read
Software

It's official: Announcing our SOC 2 Type II Report

Shortly after launching Sturdy, we started our SOC 2 certification process. A SOC 2 report is for services organizations that hold, store, or process the information of their users. You can read more about it here.

Late last year, we obtained our SOC 2 Type I report. This represents a "snapshot", indicating that we have robust controls in place to ensure the security and availability of our customers' data.

Today, we are announcing that Sturdy has obtained a SOC 2 Type II report. This is the most comprehensive SOC protocol, and attests not only to the suitability of our process and systems, but our operational effectiveness of sticking to those controls over a period of time.

The full writeup describes our suite of controls for securing and handling customer data, including:

  • System monitoring and ongoing risk assessments
  • Internal access control to production environments
  • Disaster recovery, data backup, and incident response processes
  • Communication of changes to customers
  • Employee on-boarding and termination processes
We're proud of this report. It is a reflection of our dedication to security and the product of many months of hard work from our team, particularly Eric Weidner. Our commitment to security is about more than checking a box: every day we make sure that our systems and processes are worthy of the important data our customers trust us with.

Sturdy is a data-centric system of intelligence for post-sales teams. Working with data, including some of our customer's most sensitive information is what we do. We work to earn their trust by putting security and privacy front-and-center. This includes industry-leading controls, data minimization, and a secure-by-design architecture. Perhaps most importantly, we have built a security-conscious culture from Day 1: everyone at Sturdy knows that we solve for security first. You can read more about our processes and approach below.

Security Program

At SturdyAI, the security and integrity of our customer's information is of utmost importance. Therefore, Sturdy has developed and maintains a comprehensive Information Security Management program to manage risks to the security, availability, confidentiality, integrity, and privacy of Sturdy systems and products. Our program has been independently audited and certified to meet the requirements of Trust Services Criteria SOC2 Type II.

Privacy

Sturdy products utilize customer communication data to detect important signals that may have private information included such as names and contact information. To protect the privacy of this information, we maintain policies and processes to comply with data privacy regulations such as CCPA and GDPR and to help our customers comply with their obligations as the controllers of this data. Please see the Sturdy privacy policy for more information on data privacy practices and controls.

Infrastructure

Sturdy utilizes Amazon Web Services (AWS) as the Infrastructure-as-a-Service hosting provider. All data stored in AWS data centers located in the United States. Communications into our services are encrypted-in-transit and data is stored encrypted-at-rest using industry standard encryption mechanisms. Web application firewalls and network management tools such as VPC's, private subnets, and security groups are used to manage the flow of information and access between services. Infrastructure services are defined, managed, and deployed with Infrastructure-as-Code orchestration tools for consistent and repeatable systems.Tenant data is isolated in separate systems and production systems are kept in restricted access accounts separated from the development environments. 3rd-party penetration testing is conducted annually.

Questions about Sturdy's security program? Contact us at security @ sturdy.ai. 

Similar Articles

Sturdy’s Executive Revenue Dashboard is in Beta

Churn is the biggest threat to growth for B2B businesses having recurring revenue models.

Joel Passen
4 Minutes
February 28, 2023
Software
Why We Don't Have Nice Things

I have always been fascinated by how product roadmaps are maintained. So much so that I feel it necessary to pen a bombastic screed on the topic.

Steve Hazelton
3 Minutes
June 3, 2024
Software
“What are we building next?”

I have worked on the product side of software for about 20 years, and the most common question from management is, “What are we building next?”. It is a question that I ask myself almost every day.

Steve Hazelton
2 Min Read
December 2, 2022
Software