Chatwoot is now SOC 2 Type II compliant

Sojan V Jose

Sojan V Jose

Published on

2 minute read

We are thrilled to announce that Chatwoot is now SOC 2 Type II compliant. This is a result of over half a year of rigorous work and is a significant milestone for us. This is also a testament to our commitment to providing the highest level of security and compliance to our customers.

What is SOC 2?

SOC 2 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It is designed to ensure that service providers have appropriate controls and processes in place to protect customer data and maintain the confidentiality, integrity, and availability of systems and information.

There are two types of SOC 2.

SOC 2 Type I

These reports are designed to provide an overview of the design and implementation of controls the company have in place.

SOC 2 Type II

These reports provide a more comprehensive evaluation of the effectiveness of controls over a period of time (usually 6-12 months). An external auditor will verify that these controls are followed during the audit period.

We decided to go for Type II because we take the security and privacy of our customers' data very seriously. This compliance involved rigorous testing and validation of our security controls and processes by an independent auditor. It also included a review of our policies and procedures, as well as an assessment of our physical, network, and application security.

What does this mean for our customers?

With SOC 2 compliance, our customers can be assured that we are taking all necessary steps to protect their data and meet their compliance requirements. We understand that security and compliance are critical components of our customers' trust, and we are committed to maintaining the highest standards in these areas.

This report also gives the following insights into how we deliver our products and services.

  • Secure personnel: All employments in Chatwoot are in accordance with local laws and industry best practices. All personnel go through required background checks, confidentiality agreements and training programs.
  • Secure development: All product development in Chatwoot follows the appropriate secure development lifecycle principles.
  • Secure testing: Chatwoot has designated security and vulnerability testing programs for its production and internet-facing systems.
  • Cloud security: Chatwoot implements the cloud security requisites as per  SOC 2 standards.  
  • Compliance:  Chatwoot Inc is committed to providing secure products and services.

At Chatwoot, we believe that trust is earned through transparency and accountability, and we will continue to invest in our security and compliance programs to maintain the trust of our customers. We are excited to continue serving our customers with the same level of excellence that they expect from us.

Thank you for your continued trust in Chatwoot.