Today, after many months of working behind the scenes, we are proud to announce that Runbear has achieved SOC 2 Type II certification.

Some might ask, why would an early stage company go through this process? For us, the answer is quite simple. As we are a company that works in adjunction with AI, we believe that adhering to the most stringent security standards is important for us and for our customers.

What is SOC 2 Compliance?

SOC 2 compliance is a designation indicating that a company meets specific criteria for managing customer data based on five "trust service principles" set by the American Institute of CPAs, or the AICPA. These principles are the following:

1. Security: Protection against unauthorized access (both physical and logical).
2. Availability: Ensuring the system is operational and accessible as agreed.
3. Processing Integrity: Ensuring processing is complete, valid, accurate, timely, and authorized.
4. Confidentiality: Safeguarding information designated as confidential.
5. Privacy: Managing personal information according to privacy commitments.

Key Points of SOC 2 Type II Compliance:

• Scope: Unlike SOC 1, which focuses on financial reporting controls, SOC 2 focuses more on data security and privacy.
• Evaluation Period: SOC 2 Type II is more rigorous than Type I. While Type I reports on the suitability of the design of controls at a specific point in time, Type II reports on the operational effectiveness of those controls over a defined period. This period typically lasts between 3 to 12 months.
• Assessment: This assessment is conducted by an independent third-party auditor who evaluates how effectively the company's controls protect customer data.
• Documentation: The documentation outlines company’s processes and policies in relation to the trust service principles.

Benefits of SOC 2 Type II Compliance:

• Customer Trust: Demonstrates our commitment to security and has effective controls measures. As a result, customers can use our services with a greater peace of mind.
• Competitive Advantage: Differentiates us in the market, attracting clients who prioritize security.
• Risk Management: Helps identify and mitigate risks related to data security and privacy.
• Regulatory Compliance: Assists in meeting regulatory requirements for data protection and privacy.

As a SOC 2 Type 2 audit monitors our security controls over several months, it’s a more comprehensive report and demonstrates the effectiveness of Runbear’s infrastructure in terms of keeping our customers' data safe. Thus, we believe that achieving SOC 2 Type II compliance strengthens our commitment to data security.

A Big Thank You to Our SOC 2 Support Teams!

We partnered with Johanson Group for our SOC 2 Type II audit. They have been a great partner and guide in our journey towards compliance for these past months.

Want to Learn More?

We are looking forward to leveling up security along with our customers! If you’re interested in working with Runbear, a SOC 2 Type II compliant company, you can get started with us here.