Announcing SOC 2 Type II Compliance

Security has been a priority from Day One, now affirmed with a SOC 2.

By
July 22, 2021

We're happy to announce that Metaplane is the first modern data observability platform to have successfully completed its SOC 2 Type II audit. We partnered with Vanta, a compliance management solution, to continuously monitor our security posture. The audit was conducted by Dansa D’Arata Soucia LLP, a full-service CPA firm based out of New York.

What is SOC 2?

SOC 2 engagements are based on the Trust Service Criteria of the American Institute of CPA (AICPA). SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Availability, Confidentiality, Processing Integrity and Privacy of a system.

The official audit report provides a thorough review of Metaplane's internal controls, policies, and processes. It also reviews Metaplane's processes relating to risk management and subservice (vendor) due diligence, as well as Metaplane's entire IT infrastructure, software development life cycle, change management, logical security, network security, physical & environmental security, and computer operations.

What is Type I vs Type II?

A Type I report reviews the suitability of an organization's controls as of a specified date. While a Type I report is a strong start, and communicates that an organization is oriented in a secure direction, it ultimately requires the customer to trust that the controls are implemented properly. An incident or system change could occur the day after a report without the report being affected.

In contrast, a Type II reviews the suitability over a specified period of time. Unlike the trust required with a Type I, a Type II report is proof that controls have been implemented properly over several months. All incidents and significant changes have to be documented in the report, resulting in a fuller picture of how an organization deals with security over time.

Why is this important?

High-leverage data teams choose Metaplane as a data observability platform that helps them save time and preserve trust. Customers that use our fully managed option can trust that their metadata is secure.

If you are an existing Metaplane customer, you can reach out to us for a copy of our SOC 2 report. If you are considering Metaplane as a data observability platform, please feel free to reach out and we can provide our report.

Announcing SOC 2 Type II Compliance

Security has been a priority from Day One, now affirmed with a SOC 2.

By
July 22, 2021

We're happy to announce that Metaplane is the first modern data observability platform to have successfully completed its SOC 2 Type II audit. We partnered with Vanta, a compliance management solution, to continuously monitor our security posture. The audit was conducted by Dansa D’Arata Soucia LLP, a full-service CPA firm based out of New York.

What is SOC 2?

SOC 2 engagements are based on the Trust Service Criteria of the American Institute of CPA (AICPA). SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Availability, Confidentiality, Processing Integrity and Privacy of a system.

The official audit report provides a thorough review of Metaplane's internal controls, policies, and processes. It also reviews Metaplane's processes relating to risk management and subservice (vendor) due diligence, as well as Metaplane's entire IT infrastructure, software development life cycle, change management, logical security, network security, physical & environmental security, and computer operations.

What is Type I vs Type II?

A Type I report reviews the suitability of an organization's controls as of a specified date. While a Type I report is a strong start, and communicates that an organization is oriented in a secure direction, it ultimately requires the customer to trust that the controls are implemented properly. An incident or system change could occur the day after a report without the report being affected.

In contrast, a Type II reviews the suitability over a specified period of time. Unlike the trust required with a Type I, a Type II report is proof that controls have been implemented properly over several months. All incidents and significant changes have to be documented in the report, resulting in a fuller picture of how an organization deals with security over time.

Why is this important?

High-leverage data teams choose Metaplane as a data observability platform that helps them save time and preserve trust. Customers that use our fully managed option can trust that their metadata is secure.

If you are an existing Metaplane customer, you can reach out to us for a copy of our SOC 2 report. If you are considering Metaplane as a data observability platform, please feel free to reach out and we can provide our report.