At Litmus, we talk a lot about Trust. In fact, Trust is one of our core Litmus principles. Trust permeates everything we do at Litmus. We want Litmus to be a partner you can count on, so we constantly improve the reliability of our product, focus on delivering the best customer support, and put privacy and security at the center of everything we do. With this mindset, we recently undertook the process of a SOC 2 Type 1 examination.
What’s SOC 2 and why does it matter?
The SOC 2 report is an independent CPA attestation that provides opinions on our operational controls at Litmus. SOC 2, as a framework, covers controls that are relevant to the security, availability, or processing integrity of a system. These are called Trust Services. Litmus decided to focus on the Security Trust Service, and the examination was conducted by Schellman & Company, LLC.
Litmus is very proud to have successfully completed the SOC 2 Type 1 examination on August 31, 2019.
The Trust Principle
The Litmus information security policies cover a lot of varying processes and parts of our business. On the highest level, they encompass processes from how we onboard new employees to Litmus and assign access to systems, to how we make changes to our production software. So let’s just say, this has been a lot of work.
But our work on Trust as a core principle of Litmus actually began a couple of years ago. Litmus lets the Trust principle guide us in several areas of our organization and product that set us apart:
- We launched Enterprise-class Security Controls to empower Litmus customers to gain full control over their accounts
With Litmus’ Advanced Enterprise Security features, we give you the tools you need to control user access to Litmus and protect your data. Easily authenticate and manage user access with single sign-on powered by SAML, prevent unauthorized access with two-step verification, and tailor Litmus’ security settings to meet the unique requirements of your business with custom password rules, session timeout lengths, and more.
- We choose vendors and partners with care and ensure they comply with the highest privacy and security standards
Each vendor and subprocessor that handles data on behalf of Litmus must comply with Litmus’ data processing standards. We ensure that vendors are, and stay, compliant through an onboarding process and regular tracking and auditing of our vendors and partners.
- We have a dedicated Security and Site Reliability Team
Security, privacy, and reliability are crucial, and maintaining the highest standard takes time and resources. That’s why we have staff focused on just that. Plus, we’ve invested significantly in infrastructure to improve the fault-tolerance, speed, and reliability of our platform.
- We implemented an industry-leading Privacy Management System
Our privacy management system helps us with the governance around information asset tracking, allows us to reliably handle data subject access requests (DSAR) under GDPR, and more.
The next steps in making Litmus a partner you can trust
Litmus is in this for the long haul. We’ll continue maturing our processes and undergo a SOC 2 Type 2 examination in early 2020. But we’re not stopping there. Litmus will continue investing in our team, product, and infrastructure to ensure we’re providing the privacy and security protections that we would expect for the handling of our own data.