If you’ve been following our journey, you know that we’re always improving Canny. You also might’ve heard that we’re adapting Canny to serve larger organizations better.
But we didn’t just take what we have and decide to sell it to a whole new market. We’re making sure that Canny delivers what that market is looking for.
We know that enterprises are looking for an easy-to-use and secure feedback tool. That’s why we decided to get a System and Organization Controls (SOC) 2 Type II audit.
It’s a rigorous auditing procedure from the American Institute of CPAs (AICPA) that checks our security policies, procedures, and controls. It also specifies how organizations should manage customer data. This protects our interests and your privacy.
We’ve been SOC 2 Type I compliant since 2019. This meant that our security procedures were SOC 2 compliant at a point when the audit was performed.
We’ve now decided to take it one step further. SOC 2 Type II, the next audit stage, shows that a company is compliant for 90 days.
Canny completed a thorough SOC 2 Type II compliance audit administered by our independent auditor Sensiba San Filippo.
We documented all our processes and data management infrastructure. We also developed a progressive approach to data access permissions. Drata, our independent security and compliance partners, reviewed our security procedures and helped us through this process.
As a result, our SOC 2 Type II audit came back clean, showing our compliance with the SOC 2 security standard.
And we’re not stopping there – we’re continually auditing and improving our security. We are committed to getting a new SOC 2 Type II report annually.
- To give our clients peace of mind (including our Free plan users!)
- To make it easier for new companies to partner with us
- To better serve the enterprise market
Everyone’s heard of at least one major security breach from a well-known company. That’s why security is so crucial. The last thing we want is to compromise any data, especially our customers’ data (and their users’ data).
We strive to be the very best version of Canny possible! We’re now working on:
- Expanding our SOC 2 Type II security compliance to all five standards – security, availability, processing integrity, confidentiality, and privacy
- Getting ISO 27001 compliance
Stay tuned for our future updates – subscribe to our blog.