Keebo Achieves SOC 2 Type II Certification

SOC 2 Type II certification demonstrates Keebo’s commitment to secure design and operations so you can implement Keebo with confidence.
In 2022, there were 1,802 data compromises in the USA alone, affecting over 400 million individuals. It is natural, then, that when you are considering a B2B SaaS product, you should not only investigate its design but also demand independent auditing.
Keebo achieved SOC 2 Type II certification in 2023 and has maintained continuous compliance since. At Keebo, we are ready for you to examine both our design and our certifications.
Let’s discuss SOC 2 compliance and what it means for your organization.
SOC 2 Type II Compliance
The American Institute of Certified Public Accountants (AICPA) has instituted System and Organization Controls (SOC) as a voluntary and open standard for security and privacy. SOC is the ideal certification for SaaS companies that handle customer data, due to its focus on trust criteria and internal controls. It includes multiple reports: SOC 1 covers an organization’s internal financial controls and reporting, while SOC 2 is more relevant for SaaS companies and focuses on how customer data is managed and protected. For most SaaS products, a SOC 2 Type II report is considered table stakes during evaluation.
In summary, SOC 2 considers 64 criteria in 5 overlapping categories:
- Security: firewalls, intrusion detection, and authentication.
- Availability: performance monitoring, disaster recovery, incident handling.
- Confidentiality: encryption, access controls, firewalls.
- Processing integrity: quality assurance, process monitoring, adherence to principle.
- Privacy: access control, multi-factor authentication, encryption.
In addition, there are 2 types of SOC 2 compliance:
- Type I: Certifies that an organization’s systems actually meet the relevant criteria at a specific point in time.
- Type II: Certifies the actual effectiveness of the organization by auditing it at regular intervals.
Type II is more difficult to achieve because it requires expensive, regularly occurring audits. This gives you confidence that Keebo not only has the standards and processes to be SOC 2 compliant, but that we actually live up to those standards and processes over the long term. We didn’t simply pass a one-time test, but proved our ongoing capability and trustworthiness.
Keebo’s Security Principles
When you approach your organization’s security team about our free trial, you can not only feel good about our security capabilities but also save a lot of time, since our standards and practices are known and audited.
Let’s summarize our security principles:
- Access only usage metadata (76 fields total), never user data. This is perhaps the most important point: you don’t need to give Keebo access to user data for Warehouse Optimization. Metadata fields that could be sensitive, such as query text, are encrypted in the customer’s environment before Keebo sees them.
- Run within dedicated instances, separating each customer’s queries and models.
- Encrypt all communications during transit and at rest (TLS 1.2, Google KMS using FIPS 140-2 Level 3).
- Automated monitoring of code with every release, plus regular 3rd-party penetration testing.
- Carry out all computations inside the database.

